From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] fwhosts.cgi: properly fetch configured IPsec N2N subnets
Date: Thu, 22 Apr 2021 22:20:00 +0200
Message-ID: <ac8e8aff-b4fb-3392-8d25-c85f9d286ca2@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4043551457674133745=="
List-Id: <development.lists.ipfire.org>

--===============4043551457674133745==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Previously, the getcolor() function did not correctly process IPsec
N2N connections with more than one remote network configured, resulting
in networks mistakenly marked as being part of a VPN connection, or vice
versa.

Fixes: #11235

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 html/cgi-bin/fwhosts.cgi | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 84b018459..648fc7c8e 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -1974,11 +1974,13 @@ sub getcolor
 		#Check if IP is part of a IPsec N2N network
 		foreach my $key (sort keys %ipsecconf){
 			if ($ipsecconf{$key}[11]){
-				my ($a,$b) = split("/",$ipsecconf{$key}[11]);
-				$b=&General::iporsubtodec($b);
-				if (&General::IpInSubnet($sip,$a,$b)){
-					$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
-					return $tdcolor;
+				foreach my $ipsecsubitem (split(/\|/, $ipsecconf{$key}[11])) {
+					my ($a,$b) = split("/",$ipsecsubitem);
+					$b=&General::iporsubtodec($b);
+					if (&General::IpInSubnet($sip,$a,$b)){
+						$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
+						return $tdcolor;
+					}
 				}
 			}
 		}
-- 
2.26.2

--===============4043551457674133745==--