From: "Adolf Belka (ipfire-dev)" <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Aw: [PATCH] bug#10629: Prevent dynamic and fixed leases overlapping
Date: Wed, 17 Feb 2021 22:21:27 +0100 [thread overview]
Message-ID: <e8663f59-eae1-6244-9ac2-158e8a985e85@ipfire.org> (raw)
In-Reply-To: <trinity-e79315e3-ec4b-42e1-8d75-cb79547b9fa9-1613590736177@3c-app-gmx-bap49>
[-- Attachment #1: Type: text/plain, Size: 18524 bytes --]
Hi Bernhard,
Yes that does look better. I will wait a few days for any other feedback and then create a v2 patch.
Thanks very much.
Adolf.
On 17/02/2021 20:38, Bernhard Bitsch wrote:
> Hi,
> just an annotation, see below
>
>> Gesendet: Mittwoch, 17. Februar 2021 um 14:58 Uhr
>> Von: "Adolf Belka" <adolf.belka(a)ipfire.org>
>> An: development(a)lists.ipfire.org
>> Betreff: [PATCH] bug#10629: Prevent dynamic and fixed leases overlapping
>>
>> - This is a fix for bug #10629
>> - I have tested this out on my vm testbed system. Everything worked fine
>> with this. It would be good to get other test feedback in case I have
>> missed something.
>> - This fix flags up if a fixed lease is created within the existing dynamic
>> range
>> - This fix also works if a dynamic lease is converted to a fixed lease. A
>> new IP outside the dynamic range has to be selected.
>> - A check has also been added if the dynamic range is modified to overlap
>> any existing fixed leases. The error message will also inform how many
>> fixed leases are now overlapped by the modified dynamic range.
>> - If an interface is disabled and fixed leases within the dynamic range
>> created or the dynamic range expanded to overlap with existing fixed
>> leases, then when the interface is enabled again the check is carried
>> out and catches these and prevents them being set.
>> - New error messages added to en.pl file
>>
>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> ---
>> config/cfgroot/general-functions.pl | 18 ++++++++++++
>> doc/language_issues.de | 2 ++
>> doc/language_issues.en | 2 ++
>> doc/language_issues.es | 2 ++
>> doc/language_issues.fr | 2 ++
>> doc/language_issues.it | 2 ++
>> doc/language_issues.nl | 2 ++
>> doc/language_issues.pl | 2 ++
>> doc/language_issues.ru | 2 ++
>> doc/language_issues.tr | 2 ++
>> doc/language_missings | 24 ++++++++++++++++
>> html/cgi-bin/dhcp.cgi | 43 +++++++++++++++++++++++++++++
>> langs/en/cgi-bin/en.pl | 3 ++
>> 13 files changed, 106 insertions(+)
>>
>> diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
>> index a6656ccf5..a8c8d171c 100644
>> --- a/config/cfgroot/general-functions.pl
>> +++ b/config/cfgroot/general-functions.pl
>> @@ -591,6 +591,24 @@ sub check_net_internal_exact{
>> if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'RED_NETADDRESS'}/$ownnet{'RED_NETMASK'}", $network)){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
>> }
>>
>> +sub ip_address_in_ip_range($$) {
>> +# Returns True if $ipaddress is within $ipstart and $ipend range.
>> + my $ipaddress = shift;
>> + my $ipstart = shift;
>> + my $ipend = shift;
>> +
>> + my $ipaddress_bin = &Network::ip2bin($ipaddress);
>> + return undef unless (defined $ipaddress_bin);
>> +
>> + my $ipstart_bin = &Network::ip2bin($ipstart);
>> + return undef unless (defined $ipstart_bin);
>> +
>> + my $ipend_bin = &Network::ip2bin($ipend);
>> + return undef unless (defined $ipend_bin);
>> +
>> + return (($ipaddress_bin >= $ipstart_bin) && ($ipaddress_bin <= $ipend_bin));
>> +}
>> +
>> sub validport
>> {
>> $_ = $_[0];
>> diff --git a/doc/language_issues.de b/doc/language_issues.de
>> index 5d079036a..cb3e89b2e 100644
>> --- a/doc/language_issues.de
>> +++ b/doc/language_issues.de
>> @@ -840,6 +840,8 @@ WARNING: translation string unused: zoneconf val vlan amount assignment error
>> WARNING: translation string unused: zoneconf val vlan tag assignment error
>> WARNING: translation string unused: zoneconf val zoneslave amount error
>> WARNING: untranslated string: desired = Desired
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: disable = Disable
>> WARNING: untranslated string: enable = Enable
>> WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
>> diff --git a/doc/language_issues.en b/doc/language_issues.en
>> index 6e30eb995..832ff8d92 100644
>> --- a/doc/language_issues.en
>> +++ b/doc/language_issues.en
>> @@ -582,6 +582,8 @@ WARNING: untranslated string: dhcp dns key name = Key Name
>> WARNING: untranslated string: dhcp dns update = DNS Update
>> WARNING: untranslated string: dhcp dns update algo = Algorithm
>> WARNING: untranslated string: dhcp dns update secret = Secret
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: dhcp server = DHCP Server
>> WARNING: untranslated string: dhcp server disabled = DHCP server disabled. Stopped.
>> WARNING: untranslated string: dhcp server enabled = DHCP server enabled. Restarting.
>> diff --git a/doc/language_issues.es b/doc/language_issues.es
>> index 82d65d99c..b65ecd164 100644
>> --- a/doc/language_issues.es
>> +++ b/doc/language_issues.es
>> @@ -893,6 +893,8 @@ WARNING: untranslated string: dhcp dns key name = Key Name
>> WARNING: untranslated string: dhcp dns update = DNS Update
>> WARNING: untranslated string: dhcp dns update algo = Algorithm
>> WARNING: untranslated string: dhcp dns update secret = Secret
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
>> WARNING: untranslated string: disable = Disable
>> WARNING: untranslated string: disconnected = Disconnected
>> diff --git a/doc/language_issues.fr b/doc/language_issues.fr
>> index 942be73ec..71de90bd7 100644
>> --- a/doc/language_issues.fr
>> +++ b/doc/language_issues.fr
>> @@ -880,6 +880,8 @@ WARNING: translation string unused: zoneconf val vlan amount assignment error
>> WARNING: translation string unused: zoneconf val vlan tag assignment error
>> WARNING: translation string unused: zoneconf val zoneslave amount error
>> WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
>> WARNING: untranslated string: fwhost cust locationgrp = unknown string
>> WARNING: untranslated string: fwhost err hostip = unknown string
>> diff --git a/doc/language_issues.it b/doc/language_issues.it
>> index 98074e59f..a4cd8c5db 100644
>> --- a/doc/language_issues.it
>> +++ b/doc/language_issues.it
>> @@ -917,6 +917,8 @@ WARNING: untranslated string: dhcp dns key name = Key Name
>> WARNING: untranslated string: dhcp dns update = DNS Update
>> WARNING: untranslated string: dhcp dns update algo = Algorithm
>> WARNING: untranslated string: dhcp dns update secret = Secret
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
>> WARNING: untranslated string: disable = Disable
>> WARNING: untranslated string: disconnected = Disconnected
>> diff --git a/doc/language_issues.nl b/doc/language_issues.nl
>> index 8eebbd57f..9cef4790e 100644
>> --- a/doc/language_issues.nl
>> +++ b/doc/language_issues.nl
>> @@ -918,6 +918,8 @@ WARNING: untranslated string: dhcp dns key name = Key Name
>> WARNING: untranslated string: dhcp dns update = DNS Update
>> WARNING: untranslated string: dhcp dns update algo = Algorithm
>> WARNING: untranslated string: dhcp dns update secret = Secret
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: disable = Disable
>> WARNING: untranslated string: disconnected = Disconnected
>> WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
>> diff --git a/doc/language_issues.pl b/doc/language_issues.pl
>> index 82d65d99c..b65ecd164 100644
>> --- a/doc/language_issues.pl
>> +++ b/doc/language_issues.pl
>> @@ -893,6 +893,8 @@ WARNING: untranslated string: dhcp dns key name = Key Name
>> WARNING: untranslated string: dhcp dns update = DNS Update
>> WARNING: untranslated string: dhcp dns update algo = Algorithm
>> WARNING: untranslated string: dhcp dns update secret = Secret
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
>> WARNING: untranslated string: disable = Disable
>> WARNING: untranslated string: disconnected = Disconnected
>> diff --git a/doc/language_issues.ru b/doc/language_issues.ru
>> index 43c1f8c08..76fd6b350 100644
>> --- a/doc/language_issues.ru
>> +++ b/doc/language_issues.ru
>> @@ -895,6 +895,8 @@ WARNING: untranslated string: dhcp dns key name = Key Name
>> WARNING: untranslated string: dhcp dns update = DNS Update
>> WARNING: untranslated string: dhcp dns update algo = Algorithm
>> WARNING: untranslated string: dhcp dns update secret = Secret
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
>> WARNING: untranslated string: disable = Disable
>> WARNING: untranslated string: disconnected = Disconnected
>> diff --git a/doc/language_issues.tr b/doc/language_issues.tr
>> index 439a58890..bd78a5a4e 100644
>> --- a/doc/language_issues.tr
>> +++ b/doc/language_issues.tr
>> @@ -896,6 +896,8 @@ WARNING: untranslated string: dangerous = Dangerous
>> WARNING: untranslated string: default IP address = Default IP Address
>> WARNING: untranslated string: desired = Desired
>> WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
>> +WARNING: untranslated string: dhcp dynamic range overlap = Dynamic range overlapped with
>> +WARNING: untranslated string: dhcp fixed ip address = Fixed IP Address(es)
>> WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
>> WARNING: untranslated string: disable = Disable
>> WARNING: untranslated string: disconnected = Disconnected
>> diff --git a/doc/language_missings b/doc/language_missings
>> index 0d89426ca..3d6c5103d 100644
>> --- a/doc/language_missings
>> +++ b/doc/language_missings
>> @@ -28,6 +28,9 @@
>> < could not connect to www ipfire org
>> < cryptographic settings
>> < desired
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dhcp server disabled on blue interface
>> < dhcp server enabled on blue interface
>> < dh name is invalid
>> @@ -230,6 +233,9 @@
>> < dhcp dns update
>> < dhcp dns update algo
>> < dhcp dns update secret
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dhcp valid range required when deny known clients checked
>> < dh key move failed
>> < dh key warn
>> @@ -969,6 +975,9 @@
>> < bewan adsl pci st
>> < bewan adsl usb
>> < dhcp deny known clients:
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dhcp valid range required when deny known clients checked
>> < g.dtm
>> < g.lite
>> @@ -1071,6 +1080,9 @@
>> < dhcp dns update
>> < dhcp dns update algo
>> < dhcp dns update secret
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dhcp valid range required when deny known clients checked
>> < disable
>> < Disabled
>> @@ -1460,6 +1472,9 @@
>> < dhcp dns update
>> < dhcp dns update algo
>> < dhcp dns update secret
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dh key move failed
>> < dh key warn
>> < dh key warn1
>> @@ -1965,6 +1980,9 @@
>> < dhcp dns update
>> < dhcp dns update algo
>> < dhcp dns update secret
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dhcp valid range required when deny known clients checked
>> < dh key move failed
>> < dh key warn
>> @@ -2848,6 +2866,9 @@
>> < dhcp dns update
>> < dhcp dns update algo
>> < dhcp dns update secret
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dhcp valid range required when deny known clients checked
>> < dh key move failed
>> < dh key warn
>> @@ -3595,6 +3616,9 @@
>> < default IP address
>> < desired
>> < dhcp deny known clients:
>> +< dhcp dynamic range overlap
>> +< dhcp fixed ip address
>> +< dhcp fixed ip address in dynamic range
>> < dhcp valid range required when deny known clients checked
>> < disable
>> < Disabled
>> diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
>> index 867614f2a..82ea754c7 100644
>> --- a/html/cgi-bin/dhcp.cgi
>> +++ b/html/cgi-bin/dhcp.cgi
>> @@ -130,6 +130,7 @@ open(FILE, "$filename2") or die 'Unable to open fixed leases file.';
>> our @current2 = <FILE>;
>> close(FILE);
>>
>> +
>> # Check Settings1 first because they are needed by &buildconf
>> if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
>> foreach my $itf (@ITFs) {
>> @@ -183,6 +184,24 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
>> }
>> }
>>
>> + # Check if dynamic range and Fixed IP Addresses overlap
>> + if ((!$dhcpsettings{"START_ADDR_${itf}"}) eq '' && (!$dhcpsettings{"END_ADDR_${itf}"}) eq '') {
>
> Shouldn't this read
> if (($dhcpsettings{"START_ADDR_${itf}"}) ne '' && ($dhcpsettings{"END_ADDR_${itf}"}) ne '') {
>
> - Bernhard
>> + my $count=0;
>> + foreach my $line (@current2) {
>> + chomp($line);
>> + my @temp = split(/\,/,$line);
>> + if (&General::ip_address_in_ip_range($temp[1],
>> + $dhcpsettings{"START_ADDR_${itf}"},
>> + $dhcpsettings{"END_ADDR_${itf}"})) {
>> + $count++;
>> + }
>> + }
>> + if ($count > 0) {
>> + $errormessage = "DHCP on ${itf}: " . $Lang::tr{'dhcp dynamic range overlap'} . $count . $Lang::tr{'dhcp fixed ip address'};
>> + goto ERROR;
>> + }
>> + }
>> +
>> if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
>> $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'};
>> goto ERROR;
>> @@ -415,10 +434,34 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'toggle enable disable'}.'2') {
>> if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'2') {
>> $dhcpsettings{'FIX_MAC'} =~ tr/-/:/;
>> unless(&General::validip($dhcpsettings{'FIX_ADDR'})) { $errormessage = $Lang::tr{'invalid fixed ip address'}; }
>> +# Check if fixed address is in the dynamic range, if defined
>> + foreach my $itf (@ITFs) {
>> + if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ) {
>> + if ($dhcpsettings{"START_ADDR_${itf}"}) {
>> + if (&General::ip_address_in_ip_range($dhcpsettings{'FIX_ADDR'},
>> + $dhcpsettings{"START_ADDR_${itf}"},
>> + $dhcpsettings{"END_ADDR_${itf}"})) {
>> + $errormessage = $Lang::tr{"dhcp fixed ip address in dynamic range"};
>> + }
>> + }
>> + }
>> + }
>> unless(&General::validmac($dhcpsettings{'FIX_MAC'})) { $errormessage = $Lang::tr{'invalid fixed mac address'}; }
>> if ($dhcpsettings{'FIX_NEXTADDR'}) {
>> unless(&General::validip($dhcpsettings{'FIX_NEXTADDR'})) { $errormessage = $Lang::tr{'invalid fixed ip address'}; }
>> }
>> +# Check if fixed next address is in the dynamic range, if defined
>> + foreach my $itf (@ITFs) {
>> + if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ) {
>> + if ($dhcpsettings{"START_ADDR_${itf}"}) {
>> + if (&General::ip_address_in_ip_range($dhcpsettings{'FIX_NEXTADDR'},
>> + $dhcpsettings{"START_ADDR_${itf}"},
>> + $dhcpsettings{"END_ADDR_${itf}"})) {
>> + $errormessage = $Lang::tr{"dhcp fixed ip address in dynamic range"};
>> + }
>> + }
>> + }
>> + }
>>
>> my $key = 0;
>> CHECK:foreach my $line (@current2) {
>> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
>> index 95a1cfda4..0dbdf7bd5 100644
>> --- a/langs/en/cgi-bin/en.pl
>> +++ b/langs/en/cgi-bin/en.pl
>> @@ -806,6 +806,9 @@
>> 'dhcp dns update' => 'DNS Update',
>> 'dhcp dns update algo' => 'Algorithm',
>> 'dhcp dns update secret' => 'Secret',
>> +'dhcp dynamic range overlap' => 'Dynamic range overlapped with ',
>> +'dhcp fixed ip address' => ' Fixed IP Address(es)',
>> +'dhcp fixed ip address in dynamic range' => 'Fixed IP Address in dynamic range is not allowed',
>> 'dhcp fixed lease err1' => 'For a fix lease you have to enter the MAC address or the hostname, or you enter both.',
>> 'dhcp fixed lease help1' => 'IP Addresses might be entered as FQDN',
>> 'dhcp mode' => 'DHCP',
>> --
>> 2.30.1
>>
>>
next prev parent reply other threads:[~2021-02-17 21:21 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-17 13:58 Adolf Belka
2021-02-17 19:38 ` Aw: " Bernhard Bitsch
2021-02-17 21:21 ` Adolf Belka (ipfire-dev) [this message]
2021-02-18 11:37 ` Michael Tremer
2021-02-18 12:17 ` Adolf Belka (ipfire-dev)
2021-02-18 13:06 ` Michael Tremer
2021-02-18 14:01 ` Adolf Belka (ipfire-dev)
2021-02-18 15:18 ` Michael Tremer
2021-02-18 15:29 ` Aw: " Bernhard Bitsch
2021-02-18 16:05 ` Tom Rymes
2021-02-18 16:23 ` Aw: " Bernhard Bitsch
2021-02-18 22:38 ` Tom Rymes
2021-02-18 17:08 ` Adolf Belka (ipfire-dev)
2021-02-18 22:40 ` Tom Rymes
2021-02-19 11:37 ` Adolf Belka (ipfire)
2021-02-19 18:57 ` Michael Tremer
2021-02-21 14:02 ` Adolf Belka (ipfire)
2021-02-21 16:33 ` Tom Rymes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e8663f59-eae1-6244-9ac2-158e8a985e85@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox