From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] bug#10629: Prevent dynamic and fixed leases overlapping
Date: Thu, 18 Feb 2021 15:18:45 +0000
Message-ID: <C40D1366-2295-4DE3-AF04-1BF9284E34A0@ipfire.org>
In-Reply-To: <817fe023-8abc-72e2-6df4-17252db72d4f@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8869208384426767635=="
List-Id: <development.lists.ipfire.org>

--===============8869208384426767635==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,

> On 18 Feb 2021, at 14:01, Adolf Belka (ipfire-dev) <adolf.belka(a)ipfire.or=
g> wrote:
>=20
> Hi Michael,
>=20
> On 18/02/2021 14:06, Michael Tremer wrote:
>> Hi,
>> Yes this is an issue of the old implementation indeed.
>> It has not really bothered me because in most cases you are fine. ISC DHCP=
 still behaves predictable, but not in the way that people expect.
>> Could we change this patch to do the following maybe:
>> * If it is an existing lease it can be edited and a warning is being shown
>> * If it is a new lease being created, an error should be shown as you alre=
ady implemented.
> I should be able to figure out how to do that. I will need to look at how t=
o do Warnings. I have seen them in the code but not looked closely at them ye=
t. This is my opportunity to do so.

Maybe instead of showing this after hitting Save, it is better to show it nex=
t to the IP address field it it overlaps. You wouldn=E2=80=99t need to care w=
hether the entry existed before or not.

>> I think that would help us to inform users about potential problems (which=
 most of them wouldn=E2=80=99t have experienced up to this point in time) and=
 new setup will be correct.
>=20
> The only thing that would be more difficult is if the user expands an exist=
ing dynamic range that already overlaps with two fixed leases so that it now =
overlaps with four fixed leases. It will be difficult to determine which were=
 the original existing and which are the new overlapped leases without having=
 a parameter stored in a file that counts which leases were overlapping when =
the Core Update upgrade is carried out. That could be done but I think the si=
mplest will be that any overlap due to a change in the dynamic range should j=
ust get a warning and not an error. Does that sound okay.

Oh yeah, difficult question.

I did not assume that this was very dynamic before.

Potentially it is a good solution to simply split the pool in the backend and=
 not tell the user. So in the configuration instead of writing 192.168.0.100-=
192.168.0.200, you would add a break for every static lease:

* 192.168.0.100 - 192.168.0.105
* 192.168.0.107 - 192.168.0.112
* 192.168.0.114 - 192.168.0.200

In this example, 192.168.0.106 and 192.168.0.113 would be static leases.

That would make the solution transparent for the user, but a pain for the dev=
eloper.

But I digress=E2=80=A6

I would say the warning is a simple solution to this problem, too.

>> Is that an acceptable compromise?
>=20
> Yes, I can live with that.
>=20
> I will also deal with the other feedback given about the ne in place of the=
 !eq and also the location of the subroutine ip_address_in_ip_range

Just call it =E2=80=9Cip_address_in_range=E2=80=9D. It's shorter :)

-Michael

> Regards,
>=20
> Adolf.
>=20
>> -Michael
>>> On 18 Feb 2021, at 12:17, Adolf Belka (ipfire-dev) <adolf.belka(a)ipfire.=
org> wrote:
>>>=20
>>> Hi Michael,
>>>=20
>>> On 18/02/2021 12:37, Michael Tremer wrote:
>>>> Hello,
>>>> This has come up a couple of times before, and I am not sure if we can m=
ake this change without breaking any existing setups.
>>>> As I understand it, we do. Editing a static lease and hitting save will =
no longer be possible if that IP address is part of the dynamic range.
>>>> Can you confirm that?
>>>=20
>>> If the static lease is edited to have an IP address in the dynamic range =
then it will not be possible any more. There will be an error message saying =
that you have selected an IP from the dynamic range. It will not be entered i=
nto the dhcp.conf file.
>>>=20
>>> If we don't implement this fix then anyone who defines a fixed IP address=
 from the dynamic range is doing something that ISC DHCP say should not be do=
ne.
>>>=20
>>> Most people will probably get away with it most of the time. You could en=
d up with a fixed lease computer off line for some reason and its lease expir=
es. That IP Address can then be given to another computer and when the origin=
al client comes back it cannot get the fixed lease. It will probably be offer=
ed a dynamic lease now. Either way the fixed IP address will now be allocated=
 to a different computer.
>>>=20
>>> pfSense and OPNsense have this restriction implemented in their WUI.
>>>=20
>>> Regards,
>>>=20
>>> Adolf.
>>>=20
>>>>> On 17 Feb 2021, at 13:58, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>>>=20
>>>>> - This is a fix for bug #10629
>>>>> - I have tested this out on my vm testbed system. Everything worked fine
>>>>>  with this. It would be good to get other test feedback in case I have
>>>>>  missed something.
>>>>> - This fix flags up if a fixed lease is created within the existing dyn=
amic
>>>>>  range
>>>>> - This fix also works if a dynamic lease is converted to a fixed lease.=
 A
>>>>>  new IP outside the dynamic range has to be selected.
>>>>> - A check has also been added if the dynamic range is modified to overl=
ap
>>>>>  any existing fixed leases. The error message will also inform how many
>>>>>  fixed leases are now overlapped by the modified dynamic range.
>>>>> - If an interface is disabled and fixed leases within the dynamic range
>>>>>  created or the dynamic range expanded to overlap with existing fixed
>>>>>  leases, then when the interface is enabled again the check is carried
>>>>>  out and catches these and prevents them being set.
>>>>> - New error messages added to en.pl file
>>>>>=20
>>>>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>>>> ---
>>>>> config/cfgroot/general-functions.pl | 18 ++++++++++++
>>>>> doc/language_issues.de              |  2 ++
>>>>> doc/language_issues.en              |  2 ++
>>>>> doc/language_issues.es              |  2 ++
>>>>> doc/language_issues.fr              |  2 ++
>>>>> doc/language_issues.it              |  2 ++
>>>>> doc/language_issues.nl              |  2 ++
>>>>> doc/language_issues.pl              |  2 ++
>>>>> doc/language_issues.ru              |  2 ++
>>>>> doc/language_issues.tr              |  2 ++
>>>>> doc/language_missings               | 24 ++++++++++++++++
>>>>> html/cgi-bin/dhcp.cgi               | 43 +++++++++++++++++++++++++++++
>>>>> langs/en/cgi-bin/en.pl              |  3 ++
>>>>> 13 files changed, 106 insertions(+)
>>>>>=20
>>>>> diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/gener=
al-functions.pl
>>>>> index a6656ccf5..a8c8d171c 100644
>>>>> --- a/config/cfgroot/general-functions.pl
>>>>> +++ b/config/cfgroot/general-functions.pl
>>>>> @@ -591,6 +591,24 @@ sub check_net_internal_exact{
>>>>> 	if (($ownnet{'RED_NETADDRESS'} 		ne '' && $ownnet{'RED_NETADDRESS'} 		=
ne '0.0.0.0') && &Network::network_equal("$ownnet{'RED_NETADDRESS'}/$ownnet{'=
RED_NETMASK'}", $network)){ $errormessage=3D$Lang::tr{'ccd err red'};return $=
errormessage;}
>>>>> }
>>>>>=20
>>>>> +sub ip_address_in_ip_range($$) {
>>>>> +# Returns True if $ipaddress is within $ipstart and $ipend range.
>>>>> +	my $ipaddress =3D shift;
>>>>> +	my $ipstart =3D shift;
>>>>> +	my $ipend =3D shift;
>>>>> +
>>>>> +	my $ipaddress_bin =3D &Network::ip2bin($ipaddress);
>>>>> +	return undef unless (defined $ipaddress_bin);
>>>>> +
>>>>> +	my $ipstart_bin =3D &Network::ip2bin($ipstart);
>>>>> +	return undef unless (defined $ipstart_bin);
>>>>> +
>>>>> +	my $ipend_bin =3D &Network::ip2bin($ipend);
>>>>> +	return undef unless (defined $ipend_bin);
>>>>> +
>>>>> +	return (($ipaddress_bin >=3D $ipstart_bin) && ($ipaddress_bin <=3D $i=
pend_bin));
>>>>> +}
>>>> This function should live in network-functions.pl since it clearly is a =
network function :)
>>>> Ideally a test could be added for it at the end of it.
>>>>> +
>>>>> sub validport
>>>>> {
>>>>> 	$_ =3D $_[0];
>>>>> diff --git a/doc/language_issues.de b/doc/language_issues.de
>>>>> index 5d079036a..cb3e89b2e 100644
>>>>> --- a/doc/language_issues.de
>>>>> +++ b/doc/language_issues.de
>>>>> @@ -840,6 +840,8 @@ WARNING: translation string unused: zoneconf val vl=
an amount assignment error
>>>>> WARNING: translation string unused: zoneconf val vlan tag assignment er=
ror
>>>>> WARNING: translation string unused: zoneconf val zoneslave amount error
>>>>> WARNING: untranslated string: desired =3D Desired
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: disable =3D Disable
>>>>> WARNING: untranslated string: enable =3D Enable
>>>>> WARNING: untranslated string: error the to date has to be later than th=
e from date =3D The to date has to be later than the from date!
>>>>> diff --git a/doc/language_issues.en b/doc/language_issues.en
>>>>> index 6e30eb995..832ff8d92 100644
>>>>> --- a/doc/language_issues.en
>>>>> +++ b/doc/language_issues.en
>>>>> @@ -582,6 +582,8 @@ WARNING: untranslated string: dhcp dns key name =3D=
 Key Name
>>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update
>>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm
>>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: dhcp server =3D DHCP Server
>>>>> WARNING: untranslated string: dhcp server disabled =3D DHCP server disa=
bled.  Stopped.
>>>>> WARNING: untranslated string: dhcp server enabled =3D DHCP server enabl=
ed.  Restarting.
>>>>> diff --git a/doc/language_issues.es b/doc/language_issues.es
>>>>> index 82d65d99c..b65ecd164 100644
>>>>> --- a/doc/language_issues.es
>>>>> +++ b/doc/language_issues.es
>>>>> @@ -893,6 +893,8 @@ WARNING: untranslated string: dhcp dns key name =3D=
 Key Name
>>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update
>>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm
>>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: dhcp valid range required when deny known=
 clients checked =3D Valid range required when "Deny known clients:" is check=
ed
>>>>> WARNING: untranslated string: disable =3D Disable
>>>>> WARNING: untranslated string: disconnected =3D Disconnected
>>>>> diff --git a/doc/language_issues.fr b/doc/language_issues.fr
>>>>> index 942be73ec..71de90bd7 100644
>>>>> --- a/doc/language_issues.fr
>>>>> +++ b/doc/language_issues.fr
>>>>> @@ -880,6 +880,8 @@ WARNING: translation string unused: zoneconf val vl=
an amount assignment error
>>>>> WARNING: translation string unused: zoneconf val vlan tag assignment er=
ror
>>>>> WARNING: translation string unused: zoneconf val zoneslave amount error
>>>>> WARNING: untranslated string: dhcp deny known clients: =3D Deny known c=
lients:
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: dhcp valid range required when deny known=
 clients checked =3D Valid range required when "Deny known clients:" is check=
ed
>>>>> WARNING: untranslated string: fwhost cust locationgrp =3D unknown string
>>>>> WARNING: untranslated string: fwhost err hostip =3D unknown string
>>>>> diff --git a/doc/language_issues.it b/doc/language_issues.it
>>>>> index 98074e59f..a4cd8c5db 100644
>>>>> --- a/doc/language_issues.it
>>>>> +++ b/doc/language_issues.it
>>>>> @@ -917,6 +917,8 @@ WARNING: untranslated string: dhcp dns key name =3D=
 Key Name
>>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update
>>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm
>>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: dhcp valid range required when deny known=
 clients checked =3D Valid range required when "Deny known clients:" is check=
ed
>>>>> WARNING: untranslated string: disable =3D Disable
>>>>> WARNING: untranslated string: disconnected =3D Disconnected
>>>>> diff --git a/doc/language_issues.nl b/doc/language_issues.nl
>>>>> index 8eebbd57f..9cef4790e 100644
>>>>> --- a/doc/language_issues.nl
>>>>> +++ b/doc/language_issues.nl
>>>>> @@ -918,6 +918,8 @@ WARNING: untranslated string: dhcp dns key name =3D=
 Key Name
>>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update
>>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm
>>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: disable =3D Disable
>>>>> WARNING: untranslated string: disconnected =3D Disconnected
>>>>> WARNING: untranslated string: dl client arch insecure =3D Download inse=
cure Client Package (zip)
>>>>> diff --git a/doc/language_issues.pl b/doc/language_issues.pl
>>>>> index 82d65d99c..b65ecd164 100644
>>>>> --- a/doc/language_issues.pl
>>>>> +++ b/doc/language_issues.pl
>>>>> @@ -893,6 +893,8 @@ WARNING: untranslated string: dhcp dns key name =3D=
 Key Name
>>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update
>>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm
>>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: dhcp valid range required when deny known=
 clients checked =3D Valid range required when "Deny known clients:" is check=
ed
>>>>> WARNING: untranslated string: disable =3D Disable
>>>>> WARNING: untranslated string: disconnected =3D Disconnected
>>>>> diff --git a/doc/language_issues.ru b/doc/language_issues.ru
>>>>> index 43c1f8c08..76fd6b350 100644
>>>>> --- a/doc/language_issues.ru
>>>>> +++ b/doc/language_issues.ru
>>>>> @@ -895,6 +895,8 @@ WARNING: untranslated string: dhcp dns key name =3D=
 Key Name
>>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update
>>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm
>>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: dhcp valid range required when deny known=
 clients checked =3D Valid range required when "Deny known clients:" is check=
ed
>>>>> WARNING: untranslated string: disable =3D Disable
>>>>> WARNING: untranslated string: disconnected =3D Disconnected
>>>>> diff --git a/doc/language_issues.tr b/doc/language_issues.tr
>>>>> index 439a58890..bd78a5a4e 100644
>>>>> --- a/doc/language_issues.tr
>>>>> +++ b/doc/language_issues.tr
>>>>> @@ -896,6 +896,8 @@ WARNING: untranslated string: dangerous =3D Dangero=
us
>>>>> WARNING: untranslated string: default IP address =3D Default IP Address
>>>>> WARNING: untranslated string: desired =3D Desired
>>>>> WARNING: untranslated string: dhcp deny known clients: =3D Deny known c=
lients:
>>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic r=
ange overlapped with
>>>>> +WARNING: untranslated string: dhcp fixed ip address =3D  Fixed IP Addr=
ess(es)
>>>>> WARNING: untranslated string: dhcp valid range required when deny known=
 clients checked =3D Valid range required when "Deny known clients:" is check=
ed
>>>>> WARNING: untranslated string: disable =3D Disable
>>>>> WARNING: untranslated string: disconnected =3D Disconnected
>>>>> diff --git a/doc/language_missings b/doc/language_missings
>>>>> index 0d89426ca..3d6c5103d 100644
>>>>> --- a/doc/language_missings
>>>>> +++ b/doc/language_missings
>>>>> @@ -28,6 +28,9 @@
>>>>> < could not connect to www ipfire org
>>>>> < cryptographic settings
>>>>> < desired
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dhcp server disabled on blue interface
>>>>> < dhcp server enabled on blue interface
>>>>> < dh name is invalid
>>>>> @@ -230,6 +233,9 @@
>>>>> < dhcp dns update
>>>>> < dhcp dns update algo
>>>>> < dhcp dns update secret
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dhcp valid range required when deny known clients checked
>>>>> < dh key move failed
>>>>> < dh key warn
>>>>> @@ -969,6 +975,9 @@
>>>>> < bewan adsl pci st
>>>>> < bewan adsl usb
>>>>> < dhcp deny known clients:
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dhcp valid range required when deny known clients checked
>>>>> < g.dtm
>>>>> < g.lite
>>>>> @@ -1071,6 +1080,9 @@
>>>>> < dhcp dns update
>>>>> < dhcp dns update algo
>>>>> < dhcp dns update secret
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dhcp valid range required when deny known clients checked
>>>>> < disable
>>>>> < Disabled
>>>>> @@ -1460,6 +1472,9 @@
>>>>> < dhcp dns update
>>>>> < dhcp dns update algo
>>>>> < dhcp dns update secret
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dh key move failed
>>>>> < dh key warn
>>>>> < dh key warn1
>>>>> @@ -1965,6 +1980,9 @@
>>>>> < dhcp dns update
>>>>> < dhcp dns update algo
>>>>> < dhcp dns update secret
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dhcp valid range required when deny known clients checked
>>>>> < dh key move failed
>>>>> < dh key warn
>>>>> @@ -2848,6 +2866,9 @@
>>>>> < dhcp dns update
>>>>> < dhcp dns update algo
>>>>> < dhcp dns update secret
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dhcp valid range required when deny known clients checked
>>>>> < dh key move failed
>>>>> < dh key warn
>>>>> @@ -3595,6 +3616,9 @@
>>>>> < default IP address
>>>>> < desired
>>>>> < dhcp deny known clients:
>>>>> +< dhcp dynamic range overlap
>>>>> +< dhcp fixed ip address
>>>>> +< dhcp fixed ip address in dynamic range
>>>>> < dhcp valid range required when deny known clients checked
>>>>> < disable
>>>>> < Disabled
>>>>> diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
>>>>> index 867614f2a..82ea754c7 100644
>>>>> --- a/html/cgi-bin/dhcp.cgi
>>>>> +++ b/html/cgi-bin/dhcp.cgi
>>>>> @@ -130,6 +130,7 @@ open(FILE, "$filename2") or die 'Unable to open fix=
ed leases file.';
>>>>> our @current2 =3D <FILE>;
>>>>> close(FILE);
>>>>>=20
>>>>> +
>>>>> # Check Settings1 first because they are needed by &buildconf
>>>>> if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
>>>>>     foreach my $itf (@ITFs) {
>>>>> @@ -183,6 +184,24 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
>>>>> 		}
>>>>> 	    }
>>>>>=20
>>>>> +	    # Check if dynamic range and Fixed IP Addresses overlap
>>>>> +	    if ((!$dhcpsettings{"START_ADDR_${itf}"}) eq '' && (!$dhcpsetting=
s{"END_ADDR_${itf}"}) eq '') {
>>>> For better readability, writing =E2=80=9Cne=E2=80=9D instead of !eq migh=
t be a good idea.
>>>>> +		my $count=3D0;
>>>>> +		foreach my $line (@current2) {
>>>>> +			chomp($line);
>>>>> +			my @temp =3D split(/\,/,$line);
>>>>> +			if (&General::ip_address_in_ip_range($temp[1],
>>>>> +							     $dhcpsettings{"START_ADDR_${itf}"},
>>>>> +							     $dhcpsettings{"END_ADDR_${itf}"})) {
>>>>> +				$count++;
>>>>> +			}
>>>>> +		}
>>>>> +		if ($count > 0) {
>>>>> +			$errormessage =3D "DHCP on ${itf}: " . $Lang::tr{'dhcp dynamic rang=
e overlap'} . $count . $Lang::tr{'dhcp fixed ip address'};
>>>>> +			goto ERROR;
>>>>> +		}
>>>>> +	    }
>>>>> +
>>>>> 	    if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =3D~ /^\d+$/)) {
>>>>> 		$errormessage =3D "DHCP on ${itf}: " . $Lang::tr{'invalid default lea=
se time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'};
>>>>> 		goto ERROR;
>>>>> @@ -415,10 +434,34 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'toggle =
enable disable'}.'2') {
>>>>> if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'2') {
>>>>>     $dhcpsettings{'FIX_MAC'} =3D~ tr/-/:/;
>>>>>     unless(&General::validip($dhcpsettings{'FIX_ADDR'})) { $errormessag=
e =3D $Lang::tr{'invalid fixed ip address'}; }
>>>>> +# Check if fixed address is in the dynamic range, if defined
>>>>> +    foreach my $itf (@ITFs) {
>>>>> +	if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ) {
>>>>> +		if ($dhcpsettings{"START_ADDR_${itf}"}) {
>>>>> +    			if (&General::ip_address_in_ip_range($dhcpsettings{'FIX_ADDR'},
>>>>> +							     $dhcpsettings{"START_ADDR_${itf}"},
>>>>> +							     $dhcpsettings{"END_ADDR_${itf}"})) {
>>>>> +				$errormessage =3D $Lang::tr{"dhcp fixed ip address in dynamic rang=
e"};
>>>>> +			}
>>>>> +		}
>>>>> +	}
>>>>> +    }
>>>>>     unless(&General::validmac($dhcpsettings{'FIX_MAC'})) { $errormessag=
e =3D $Lang::tr{'invalid fixed mac address'}; }
>>>>>     if ($dhcpsettings{'FIX_NEXTADDR'}) {
>>>>>         unless(&General::validip($dhcpsettings{'FIX_NEXTADDR'})) { $err=
ormessage =3D $Lang::tr{'invalid fixed ip address'}; }
>>>>>     }
>>>>> +# Check if fixed next address is in the dynamic range, if defined
>>>>> +    foreach my $itf (@ITFs) {
>>>>> +	if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ) {
>>>>> +		if ($dhcpsettings{"START_ADDR_${itf}"}) {
>>>>> +    			if (&General::ip_address_in_ip_range($dhcpsettings{'FIX_NEXTADD=
R'},
>>>>> +							     $dhcpsettings{"START_ADDR_${itf}"},
>>>>> +							     $dhcpsettings{"END_ADDR_${itf}"})) {
>>>>> +				$errormessage =3D $Lang::tr{"dhcp fixed ip address in dynamic rang=
e"};
>>>>> +			}
>>>>> +		}
>>>>> +	}
>>>>> +    }
>>>>> =09
>>>>>     my $key =3D 0;
>>>>>     CHECK:foreach my $line (@current2) {
>>>>> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
>>>>> index 95a1cfda4..0dbdf7bd5 100644
>>>>> --- a/langs/en/cgi-bin/en.pl
>>>>> +++ b/langs/en/cgi-bin/en.pl
>>>>> @@ -806,6 +806,9 @@
>>>>> 'dhcp dns update' =3D> 'DNS Update',
>>>>> 'dhcp dns update algo' =3D> 'Algorithm',
>>>>> 'dhcp dns update secret' =3D> 'Secret',
>>>>> +'dhcp dynamic range overlap' =3D> 'Dynamic range overlapped with ',
>>>>> +'dhcp fixed ip address' =3D> ' Fixed IP Address(es)',
>>>>> +'dhcp fixed ip address in dynamic range' =3D> 'Fixed IP Address in dyn=
amic range is not allowed',
>>>>> 'dhcp fixed lease err1' =3D> 'For a fix lease you have to enter the MAC=
 address or the hostname, or you enter both.',
>>>>> 'dhcp fixed lease help1' =3D> 'IP Addresses might be entered as FQDN',
>>>>> 'dhcp mode' =3D> 'DHCP',
>>>>> --=20
>>>>> 2.30.1
>>>>>=20


--===============8869208384426767635==--