Previously, the getcolor() function did not correctly process IPsec N2N connections with more than one remote network configured, resulting in networks mistakenly marked as being part of a VPN connection, or vice versa.
Fixes: #11235
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- html/cgi-bin/fwhosts.cgi | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 84b018459..648fc7c8e 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1974,11 +1974,13 @@ sub getcolor #Check if IP is part of a IPsec N2N network foreach my $key (sort keys %ipsecconf){ if ($ipsecconf{$key}[11]){ - my ($a,$b) = split("/",$ipsecconf{$key}[11]); - $b=&General::iporsubtodec($b); - if (&General::IpInSubnet($sip,$a,$b)){ - $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>"; - return $tdcolor; + foreach my $ipsecsubitem (split(/|/, $ipsecconf{$key}[11])) { + my ($a,$b) = split("/",$ipsecsubitem); + $b=&General::iporsubtodec($b); + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>"; + return $tdcolor; + } } } }