From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bernhard Bitsch To: development@lists.ipfire.org Subject: Aw: Re: [PATCH] bug#10629: Prevent dynamic and fixed leases overlapping Date: Thu, 18 Feb 2021 16:29:34 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2459852275717320627==" List-Id: --===============2459852275717320627== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable > Gesendet: Donnerstag, 18. Februar 2021 um 16:18 Uhr > Von: "Michael Tremer" > An: "Adolf Belka (ipfire-dev)" > Cc: development(a)lists.ipfire.org > Betreff: Re: [PATCH] bug#10629: Prevent dynamic and fixed leases overlapping > > Hi, >=20 > > On 18 Feb 2021, at 14:01, Adolf Belka (ipfire-dev) wrote: > >=20 > > Hi Michael, > >=20 > > On 18/02/2021 14:06, Michael Tremer wrote: > >> Hi, > >> Yes this is an issue of the old implementation indeed. > >> It has not really bothered me because in most cases you are fine. ISC DH= CP still behaves predictable, but not in the way that people expect. > >> Could we change this patch to do the following maybe: > >> * If it is an existing lease it can be edited and a warning is being sho= wn > >> * If it is a new lease being created, an error should be shown as you al= ready implemented. > > I should be able to figure out how to do that. I will need to look at how= to do Warnings. I have seen them in the code but not looked closely at them = yet. This is my opportunity to do so. >=20 > Maybe instead of showing this after hitting Save, it is better to show it n= ext to the IP address field it it overlaps. You wouldn=E2=80=99t need to care= whether the entry existed before or not. >=20 > >> I think that would help us to inform users about potential problems (whi= ch most of them wouldn=E2=80=99t have experienced up to this point in time) a= nd new setup will be correct. > >=20 > > The only thing that would be more difficult is if the user expands an exi= sting dynamic range that already overlaps with two fixed leases so that it no= w overlaps with four fixed leases. It will be difficult to determine which we= re the original existing and which are the new overlapped leases without havi= ng a parameter stored in a file that counts which leases were overlapping whe= n the Core Update upgrade is carried out. That could be done but I think the = simplest will be that any overlap due to a change in the dynamic range should= just get a warning and not an error. Does that sound okay. >=20 > Oh yeah, difficult question. >=20 > I did not assume that this was very dynamic before. >=20 > Potentially it is a good solution to simply split the pool in the backend a= nd not tell the user. So in the configuration instead of writing 192.168.0.10= 0-192.168.0.200, you would add a break for every static lease: >=20 > * 192.168.0.100 - 192.168.0.105 > * 192.168.0.107 - 192.168.0.112 > * 192.168.0.114 - 192.168.0.200 >=20 > In this example, 192.168.0.106 and 192.168.0.113 would be static leases. >=20 > That would make the solution transparent for the user, but a pain for the d= eveloper. >=20 I do not think, that pools are right tool for the problem. Address pools are = used with a slight different semantic in dhcpd. This difference may increase = in future. Not mentioning the effort to split the set of possible IP addresses and to ve= rify this process. Bernhard > But I digress=E2=80=A6 >=20 > I would say the warning is a simple solution to this problem, too. >=20 > >> Is that an acceptable compromise? > >=20 > > Yes, I can live with that. > >=20 > > I will also deal with the other feedback given about the ne in place of t= he !eq and also the location of the subroutine ip_address_in_ip_range >=20 > Just call it =E2=80=9Cip_address_in_range=E2=80=9D. It's shorter :) >=20 > -Michael >=20 > > Regards, > >=20 > > Adolf. > >=20 > >> -Michael > >>> On 18 Feb 2021, at 12:17, Adolf Belka (ipfire-dev) wrote: > >>>=20 > >>> Hi Michael, > >>>=20 > >>> On 18/02/2021 12:37, Michael Tremer wrote: > >>>> Hello, > >>>> This has come up a couple of times before, and I am not sure if we can= make this change without breaking any existing setups. > >>>> As I understand it, we do. Editing a static lease and hitting save wil= l no longer be possible if that IP address is part of the dynamic range. > >>>> Can you confirm that? > >>>=20 > >>> If the static lease is edited to have an IP address in the dynamic rang= e then it will not be possible any more. There will be an error message sayin= g that you have selected an IP from the dynamic range. It will not be entered= into the dhcp.conf file. > >>>=20 > >>> If we don't implement this fix then anyone who defines a fixed IP addre= ss from the dynamic range is doing something that ISC DHCP say should not be = done. > >>>=20 > >>> Most people will probably get away with it most of the time. You could = end up with a fixed lease computer off line for some reason and its lease exp= ires. That IP Address can then be given to another computer and when the orig= inal client comes back it cannot get the fixed lease. It will probably be off= ered a dynamic lease now. Either way the fixed IP address will now be allocat= ed to a different computer. > >>>=20 > >>> pfSense and OPNsense have this restriction implemented in their WUI. > >>>=20 > >>> Regards, > >>>=20 > >>> Adolf. > >>>=20 > >>>>> On 17 Feb 2021, at 13:58, Adolf Belka wrot= e: > >>>>>=20 > >>>>> - This is a fix for bug #10629 > >>>>> - I have tested this out on my vm testbed system. Everything worked f= ine > >>>>> with this. It would be good to get other test feedback in case I have > >>>>> missed something. > >>>>> - This fix flags up if a fixed lease is created within the existing d= ynamic > >>>>> range > >>>>> - This fix also works if a dynamic lease is converted to a fixed leas= e. A > >>>>> new IP outside the dynamic range has to be selected. > >>>>> - A check has also been added if the dynamic range is modified to ove= rlap > >>>>> any existing fixed leases. The error message will also inform how ma= ny > >>>>> fixed leases are now overlapped by the modified dynamic range. > >>>>> - If an interface is disabled and fixed leases within the dynamic ran= ge > >>>>> created or the dynamic range expanded to overlap with existing fixed > >>>>> leases, then when the interface is enabled again the check is carried > >>>>> out and catches these and prevents them being set. > >>>>> - New error messages added to en.pl file > >>>>>=20 > >>>>> Signed-off-by: Adolf Belka > >>>>> --- > >>>>> config/cfgroot/general-functions.pl | 18 ++++++++++++ > >>>>> doc/language_issues.de | 2 ++ > >>>>> doc/language_issues.en | 2 ++ > >>>>> doc/language_issues.es | 2 ++ > >>>>> doc/language_issues.fr | 2 ++ > >>>>> doc/language_issues.it | 2 ++ > >>>>> doc/language_issues.nl | 2 ++ > >>>>> doc/language_issues.pl | 2 ++ > >>>>> doc/language_issues.ru | 2 ++ > >>>>> doc/language_issues.tr | 2 ++ > >>>>> doc/language_missings | 24 ++++++++++++++++ > >>>>> html/cgi-bin/dhcp.cgi | 43 +++++++++++++++++++++++++++++ > >>>>> langs/en/cgi-bin/en.pl | 3 ++ > >>>>> 13 files changed, 106 insertions(+) > >>>>>=20 > >>>>> diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/gen= eral-functions.pl > >>>>> index a6656ccf5..a8c8d171c 100644 > >>>>> --- a/config/cfgroot/general-functions.pl > >>>>> +++ b/config/cfgroot/general-functions.pl > >>>>> @@ -591,6 +591,24 @@ sub check_net_internal_exact{ > >>>>> if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} = ne '0.0.0.0') && &Network::network_equal("$ownnet{'RED_NETADDRESS'}/$ownnet= {'RED_NETMASK'}", $network)){ $errormessage=3D$Lang::tr{'ccd err red'};return= $errormessage;} > >>>>> } > >>>>>=20 > >>>>> +sub ip_address_in_ip_range($$) { > >>>>> +# Returns True if $ipaddress is within $ipstart and $ipend range. > >>>>> + my $ipaddress =3D shift; > >>>>> + my $ipstart =3D shift; > >>>>> + my $ipend =3D shift; > >>>>> + > >>>>> + my $ipaddress_bin =3D &Network::ip2bin($ipaddress); > >>>>> + return undef unless (defined $ipaddress_bin); > >>>>> + > >>>>> + my $ipstart_bin =3D &Network::ip2bin($ipstart); > >>>>> + return undef unless (defined $ipstart_bin); > >>>>> + > >>>>> + my $ipend_bin =3D &Network::ip2bin($ipend); > >>>>> + return undef unless (defined $ipend_bin); > >>>>> + > >>>>> + return (($ipaddress_bin >=3D $ipstart_bin) && ($ipaddress_bin <=3D = $ipend_bin)); > >>>>> +} > >>>> This function should live in network-functions.pl since it clearly is = a network function :) > >>>> Ideally a test could be added for it at the end of it. > >>>>> + > >>>>> sub validport > >>>>> { > >>>>> $_ =3D $_[0]; > >>>>> diff --git a/doc/language_issues.de b/doc/language_issues.de > >>>>> index 5d079036a..cb3e89b2e 100644 > >>>>> --- a/doc/language_issues.de > >>>>> +++ b/doc/language_issues.de > >>>>> @@ -840,6 +840,8 @@ WARNING: translation string unused: zoneconf val = vlan amount assignment error > >>>>> WARNING: translation string unused: zoneconf val vlan tag assignment = error > >>>>> WARNING: translation string unused: zoneconf val zoneslave amount err= or > >>>>> WARNING: untranslated string: desired =3D Desired > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: disable =3D Disable > >>>>> WARNING: untranslated string: enable =3D Enable > >>>>> WARNING: untranslated string: error the to date has to be later than = the from date =3D The to date has to be later than the from date! > >>>>> diff --git a/doc/language_issues.en b/doc/language_issues.en > >>>>> index 6e30eb995..832ff8d92 100644 > >>>>> --- a/doc/language_issues.en > >>>>> +++ b/doc/language_issues.en > >>>>> @@ -582,6 +582,8 @@ WARNING: untranslated string: dhcp dns key name = =3D Key Name > >>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update > >>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm > >>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: dhcp server =3D DHCP Server > >>>>> WARNING: untranslated string: dhcp server disabled =3D DHCP server di= sabled. Stopped. > >>>>> WARNING: untranslated string: dhcp server enabled =3D DHCP server ena= bled. Restarting. > >>>>> diff --git a/doc/language_issues.es b/doc/language_issues.es > >>>>> index 82d65d99c..b65ecd164 100644 > >>>>> --- a/doc/language_issues.es > >>>>> +++ b/doc/language_issues.es > >>>>> @@ -893,6 +893,8 @@ WARNING: untranslated string: dhcp dns key name = =3D Key Name > >>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update > >>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm > >>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: dhcp valid range required when deny kno= wn clients checked =3D Valid range required when "Deny known clients:" is che= cked > >>>>> WARNING: untranslated string: disable =3D Disable > >>>>> WARNING: untranslated string: disconnected =3D Disconnected > >>>>> diff --git a/doc/language_issues.fr b/doc/language_issues.fr > >>>>> index 942be73ec..71de90bd7 100644 > >>>>> --- a/doc/language_issues.fr > >>>>> +++ b/doc/language_issues.fr > >>>>> @@ -880,6 +880,8 @@ WARNING: translation string unused: zoneconf val = vlan amount assignment error > >>>>> WARNING: translation string unused: zoneconf val vlan tag assignment = error > >>>>> WARNING: translation string unused: zoneconf val zoneslave amount err= or > >>>>> WARNING: untranslated string: dhcp deny known clients: =3D Deny known= clients: > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: dhcp valid range required when deny kno= wn clients checked =3D Valid range required when "Deny known clients:" is che= cked > >>>>> WARNING: untranslated string: fwhost cust locationgrp =3D unknown str= ing > >>>>> WARNING: untranslated string: fwhost err hostip =3D unknown string > >>>>> diff --git a/doc/language_issues.it b/doc/language_issues.it > >>>>> index 98074e59f..a4cd8c5db 100644 > >>>>> --- a/doc/language_issues.it > >>>>> +++ b/doc/language_issues.it > >>>>> @@ -917,6 +917,8 @@ WARNING: untranslated string: dhcp dns key name = =3D Key Name > >>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update > >>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm > >>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: dhcp valid range required when deny kno= wn clients checked =3D Valid range required when "Deny known clients:" is che= cked > >>>>> WARNING: untranslated string: disable =3D Disable > >>>>> WARNING: untranslated string: disconnected =3D Disconnected > >>>>> diff --git a/doc/language_issues.nl b/doc/language_issues.nl > >>>>> index 8eebbd57f..9cef4790e 100644 > >>>>> --- a/doc/language_issues.nl > >>>>> +++ b/doc/language_issues.nl > >>>>> @@ -918,6 +918,8 @@ WARNING: untranslated string: dhcp dns key name = =3D Key Name > >>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update > >>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm > >>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: disable =3D Disable > >>>>> WARNING: untranslated string: disconnected =3D Disconnected > >>>>> WARNING: untranslated string: dl client arch insecure =3D Download in= secure Client Package (zip) > >>>>> diff --git a/doc/language_issues.pl b/doc/language_issues.pl > >>>>> index 82d65d99c..b65ecd164 100644 > >>>>> --- a/doc/language_issues.pl > >>>>> +++ b/doc/language_issues.pl > >>>>> @@ -893,6 +893,8 @@ WARNING: untranslated string: dhcp dns key name = =3D Key Name > >>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update > >>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm > >>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: dhcp valid range required when deny kno= wn clients checked =3D Valid range required when "Deny known clients:" is che= cked > >>>>> WARNING: untranslated string: disable =3D Disable > >>>>> WARNING: untranslated string: disconnected =3D Disconnected > >>>>> diff --git a/doc/language_issues.ru b/doc/language_issues.ru > >>>>> index 43c1f8c08..76fd6b350 100644 > >>>>> --- a/doc/language_issues.ru > >>>>> +++ b/doc/language_issues.ru > >>>>> @@ -895,6 +895,8 @@ WARNING: untranslated string: dhcp dns key name = =3D Key Name > >>>>> WARNING: untranslated string: dhcp dns update =3D DNS Update > >>>>> WARNING: untranslated string: dhcp dns update algo =3D Algorithm > >>>>> WARNING: untranslated string: dhcp dns update secret =3D Secret > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: dhcp valid range required when deny kno= wn clients checked =3D Valid range required when "Deny known clients:" is che= cked > >>>>> WARNING: untranslated string: disable =3D Disable > >>>>> WARNING: untranslated string: disconnected =3D Disconnected > >>>>> diff --git a/doc/language_issues.tr b/doc/language_issues.tr > >>>>> index 439a58890..bd78a5a4e 100644 > >>>>> --- a/doc/language_issues.tr > >>>>> +++ b/doc/language_issues.tr > >>>>> @@ -896,6 +896,8 @@ WARNING: untranslated string: dangerous =3D Dange= rous > >>>>> WARNING: untranslated string: default IP address =3D Default IP Addre= ss > >>>>> WARNING: untranslated string: desired =3D Desired > >>>>> WARNING: untranslated string: dhcp deny known clients: =3D Deny known= clients: > >>>>> +WARNING: untranslated string: dhcp dynamic range overlap =3D Dynamic= range overlapped with > >>>>> +WARNING: untranslated string: dhcp fixed ip address =3D Fixed IP Ad= dress(es) > >>>>> WARNING: untranslated string: dhcp valid range required when deny kno= wn clients checked =3D Valid range required when "Deny known clients:" is che= cked > >>>>> WARNING: untranslated string: disable =3D Disable > >>>>> WARNING: untranslated string: disconnected =3D Disconnected > >>>>> diff --git a/doc/language_missings b/doc/language_missings > >>>>> index 0d89426ca..3d6c5103d 100644 > >>>>> --- a/doc/language_missings > >>>>> +++ b/doc/language_missings > >>>>> @@ -28,6 +28,9 @@ > >>>>> < could not connect to www ipfire org > >>>>> < cryptographic settings > >>>>> < desired > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dhcp server disabled on blue interface > >>>>> < dhcp server enabled on blue interface > >>>>> < dh name is invalid > >>>>> @@ -230,6 +233,9 @@ > >>>>> < dhcp dns update > >>>>> < dhcp dns update algo > >>>>> < dhcp dns update secret > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dhcp valid range required when deny known clients checked > >>>>> < dh key move failed > >>>>> < dh key warn > >>>>> @@ -969,6 +975,9 @@ > >>>>> < bewan adsl pci st > >>>>> < bewan adsl usb > >>>>> < dhcp deny known clients: > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dhcp valid range required when deny known clients checked > >>>>> < g.dtm > >>>>> < g.lite > >>>>> @@ -1071,6 +1080,9 @@ > >>>>> < dhcp dns update > >>>>> < dhcp dns update algo > >>>>> < dhcp dns update secret > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dhcp valid range required when deny known clients checked > >>>>> < disable > >>>>> < Disabled > >>>>> @@ -1460,6 +1472,9 @@ > >>>>> < dhcp dns update > >>>>> < dhcp dns update algo > >>>>> < dhcp dns update secret > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dh key move failed > >>>>> < dh key warn > >>>>> < dh key warn1 > >>>>> @@ -1965,6 +1980,9 @@ > >>>>> < dhcp dns update > >>>>> < dhcp dns update algo > >>>>> < dhcp dns update secret > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dhcp valid range required when deny known clients checked > >>>>> < dh key move failed > >>>>> < dh key warn > >>>>> @@ -2848,6 +2866,9 @@ > >>>>> < dhcp dns update > >>>>> < dhcp dns update algo > >>>>> < dhcp dns update secret > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dhcp valid range required when deny known clients checked > >>>>> < dh key move failed > >>>>> < dh key warn > >>>>> @@ -3595,6 +3616,9 @@ > >>>>> < default IP address > >>>>> < desired > >>>>> < dhcp deny known clients: > >>>>> +< dhcp dynamic range overlap > >>>>> +< dhcp fixed ip address > >>>>> +< dhcp fixed ip address in dynamic range > >>>>> < dhcp valid range required when deny known clients checked > >>>>> < disable > >>>>> < Disabled > >>>>> diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi > >>>>> index 867614f2a..82ea754c7 100644 > >>>>> --- a/html/cgi-bin/dhcp.cgi > >>>>> +++ b/html/cgi-bin/dhcp.cgi > >>>>> @@ -130,6 +130,7 @@ open(FILE, "$filename2") or die 'Unable to open f= ixed leases file.'; > >>>>> our @current2 =3D ; > >>>>> close(FILE); > >>>>>=20 > >>>>> + > >>>>> # Check Settings1 first because they are needed by &buildconf > >>>>> if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) { > >>>>> foreach my $itf (@ITFs) { > >>>>> @@ -183,6 +184,24 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}= ) { > >>>>> } > >>>>> } > >>>>>=20 > >>>>> + # Check if dynamic range and Fixed IP Addresses overlap > >>>>> + if ((!$dhcpsettings{"START_ADDR_${itf}"}) eq '' && (!$dhcpsetti= ngs{"END_ADDR_${itf}"}) eq '') { > >>>> For better readability, writing =E2=80=9Cne=E2=80=9D instead of !eq mi= ght be a good idea. > >>>>> + my $count=3D0; > >>>>> + foreach my $line (@current2) { > >>>>> + chomp($line); > >>>>> + my @temp =3D split(/\,/,$line); > >>>>> + if (&General::ip_address_in_ip_range($temp[1], > >>>>> + $dhcpsettings{"START_ADDR_${itf}"}, > >>>>> + $dhcpsettings{"END_ADDR_${itf}"})) { > >>>>> + $count++; > >>>>> + } > >>>>> + } > >>>>> + if ($count > 0) { > >>>>> + $errormessage =3D "DHCP on ${itf}: " . $Lang::tr{'dhcp dynamic ra= nge overlap'} . $count . $Lang::tr{'dhcp fixed ip address'}; > >>>>> + goto ERROR; > >>>>> + } > >>>>> + } > >>>>> + > >>>>> if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =3D~ /^\d+$/)) { > >>>>> $errormessage =3D "DHCP on ${itf}: " . $Lang::tr{'invalid default l= ease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'}; > >>>>> goto ERROR; > >>>>> @@ -415,10 +434,34 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'toggl= e enable disable'}.'2') { > >>>>> if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'2') { > >>>>> $dhcpsettings{'FIX_MAC'} =3D~ tr/-/:/; > >>>>> unless(&General::validip($dhcpsettings{'FIX_ADDR'})) { $errormess= age =3D $Lang::tr{'invalid fixed ip address'}; } > >>>>> +# Check if fixed address is in the dynamic range, if defined > >>>>> + foreach my $itf (@ITFs) { > >>>>> + if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ) { > >>>>> + if ($dhcpsettings{"START_ADDR_${itf}"}) { > >>>>> + if (&General::ip_address_in_ip_range($dhcpsettings{'FIX_ADDR'= }, > >>>>> + $dhcpsettings{"START_ADDR_${itf}"}, > >>>>> + $dhcpsettings{"END_ADDR_${itf}"})) { > >>>>> + $errormessage =3D $Lang::tr{"dhcp fixed ip address in dynamic ra= nge"}; > >>>>> + } > >>>>> + } > >>>>> + } > >>>>> + } > >>>>> unless(&General::validmac($dhcpsettings{'FIX_MAC'})) { $errormess= age =3D $Lang::tr{'invalid fixed mac address'}; } > >>>>> if ($dhcpsettings{'FIX_NEXTADDR'}) { > >>>>> unless(&General::validip($dhcpsettings{'FIX_NEXTADDR'})) { $e= rrormessage =3D $Lang::tr{'invalid fixed ip address'}; } > >>>>> } > >>>>> +# Check if fixed next address is in the dynamic range, if defined > >>>>> + foreach my $itf (@ITFs) { > >>>>> + if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ) { > >>>>> + if ($dhcpsettings{"START_ADDR_${itf}"}) { > >>>>> + if (&General::ip_address_in_ip_range($dhcpsettings{'FIX_NEXTA= DDR'}, > >>>>> + $dhcpsettings{"START_ADDR_${itf}"}, > >>>>> + $dhcpsettings{"END_ADDR_${itf}"})) { > >>>>> + $errormessage =3D $Lang::tr{"dhcp fixed ip address in dynamic ra= nge"}; > >>>>> + } > >>>>> + } > >>>>> + } > >>>>> + } > >>>>> =09 > >>>>> my $key =3D 0; > >>>>> CHECK:foreach my $line (@current2) { > >>>>> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl > >>>>> index 95a1cfda4..0dbdf7bd5 100644 > >>>>> --- a/langs/en/cgi-bin/en.pl > >>>>> +++ b/langs/en/cgi-bin/en.pl > >>>>> @@ -806,6 +806,9 @@ > >>>>> 'dhcp dns update' =3D> 'DNS Update', > >>>>> 'dhcp dns update algo' =3D> 'Algorithm', > >>>>> 'dhcp dns update secret' =3D> 'Secret', > >>>>> +'dhcp dynamic range overlap' =3D> 'Dynamic range overlapped with ', > >>>>> +'dhcp fixed ip address' =3D> ' Fixed IP Address(es)', > >>>>> +'dhcp fixed ip address in dynamic range' =3D> 'Fixed IP Address in d= ynamic range is not allowed', > >>>>> 'dhcp fixed lease err1' =3D> 'For a fix lease you have to enter the M= AC address or the hostname, or you enter both.', > >>>>> 'dhcp fixed lease help1' =3D> 'IP Addresses might be entered as FQDN', > >>>>> 'dhcp mode' =3D> 'DHCP', > >>>>> --=20 > >>>>> 2.30.1 > >>>>>=20 >=20 > --===============2459852275717320627==--