Previously, the getcolor() function did not correctly process IPsec N2N connections with more than one remote network configured, resulting in networks mistakenly marked as being part of a VPN connection, or vice versa.
Fixes: #11235
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- html/cgi-bin/fwhosts.cgi | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 84b018459..648fc7c8e 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1974,11 +1974,13 @@ sub getcolor #Check if IP is part of a IPsec N2N network foreach my $key (sort keys %ipsecconf){ if ($ipsecconf{$key}[11]){ - my ($a,$b) = split("/",$ipsecconf{$key}[11]); - $b=&General::iporsubtodec($b); - if (&General::IpInSubnet($sip,$a,$b)){ - $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>"; - return $tdcolor; + foreach my $ipsecsubitem (split(/|/, $ipsecconf{$key}[11])) { + my ($a,$b) = split("/",$ipsecsubitem); + $b=&General::iporsubtodec($b); + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>"; + return $tdcolor; + } } } }
Hello Peter,
I've reviewed and tested your patch and it seems to fix the issue.
Thanks for working and submitting it.
Best regards,
-Stefan
Acked-by: Stefan Schantl stefan.schantl@ipfire.org
Previously, the getcolor() function did not correctly process IPsec N2N connections with more than one remote network configured, resulting in networks mistakenly marked as being part of a VPN connection, or vice versa.
Fixes: #11235
Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/fwhosts.cgi | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 84b018459..648fc7c8e 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1974,11 +1974,13 @@ sub getcolor #Check if IP is part of a IPsec N2N network foreach my $key (sort keys %ipsecconf){ if ($ipsecconf{$key}[11]){ - my ($a,$b) = split("/",$ipsecconf{$key}[11]); - $b=&General::iporsubtodec($b); - if (&General::IpInSubnet($sip,$a,$b)){ - $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>"; - return $tdcolor; + foreach my $ipsecsubitem (split(/|/, $ipsecconf{$key}[11])) { + my ($a,$b) = split("/",$ipsecsubitem); + $b=&General::iporsubtodec($b) ; + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>"; + return $tdcolor; + } } } }
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 22 Apr 2021, at 21:20, Peter Müller peter.mueller@ipfire.org wrote:
Previously, the getcolor() function did not correctly process IPsec N2N connections with more than one remote network configured, resulting in networks mistakenly marked as being part of a VPN connection, or vice versa.
Fixes: #11235
Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/fwhosts.cgi | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 84b018459..648fc7c8e 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1974,11 +1974,13 @@ sub getcolor #Check if IP is part of a IPsec N2N network foreach my $key (sort keys %ipsecconf){ if ($ipsecconf{$key}[11]){
my ($a,$b) = split("/",$ipsecconf{$key}[11]);$b=&General::iporsubtodec($b);if (&General::IpInSubnet($sip,$a,$b)){$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";return $tdcolor;
foreach my $ipsecsubitem (split(/\|/, $ipsecconf{$key}[11])) {my ($a,$b) = split("/",$ipsecsubitem);$b=&General::iporsubtodec($b);if (&General::IpInSubnet($sip,$a,$b)){$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";return $tdcolor;} } }-- 2.26.2
-
Michael Tremer -
Peter Müller -
Stefan Schantl