diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-10-03 12:09:43 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-10-03 12:15:44 -0300 |
| commit | 4665dbdd51ea845a4b84d5068b4ecf31cd9dce4b (patch) | |
| tree | 73f9c4553c38a462444873920d8f18e6267ff8c5 | |
| parent | 3c4fc30bea7a2beaeb26db7ba1952f8f88635480 (diff) | |
| download | pfsense-4665dbdd51ea845a4b84d5068b4ecf31cd9dce4b.zip pfsense-4665dbdd51ea845a4b84d5068b4ecf31cd9dce4b.tar.gz | |
Make proper check if IP address is configured on another interfaces and ignore current one. It fixes #3807
| -rw-r--r-- | etc/inc/pfsense-utils.inc | 16 | ||||
| -rw-r--r-- | usr/local/www/firewall_virtual_ip_edit.php | 9 |
2 files changed, 21 insertions, 4 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 3892ba6..acca2df 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -2510,6 +2510,7 @@ function load_mac_manufacturer_table() { * is_ipaddr_configured * INPUTS * IP Address to check. + * If ignore_if is a VIP (not carp), vip array index is passed after string _virtualip * RESULT * returns true if the IP Address is * configured and present on this device. @@ -2517,6 +2518,15 @@ function load_mac_manufacturer_table() { function is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = false, $check_subnets = false) { global $config; + $pos = strpos($ignore_if, '_virtualip'); + if ($pos !== false) { + $ignore_vip_id = substr($ignore_if, $pos+10); + $ignore_vip_if = substr($ignore_if, 0, $pos); + } else { + $ignore_vip_id = -1; + $ignore_vip_if = $ignore_if; + } + $isipv6 = is_ipaddrv6($ipaddr); if ($check_subnets) { @@ -2543,8 +2553,7 @@ function is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = false, $interface_list_ips = get_configured_ip_addresses(); foreach($interface_list_ips as $if => $ilips) { - /* Also ignore CARP interfaces, it'll be checked below */ - if ($ignore_if == $if || strstr($ignore_if, "_vip")) + if ($ignore_if == $if) continue; if (strcasecmp($ipaddr, $ilips) == 0) return true; @@ -2553,7 +2562,8 @@ function is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = false, $interface_list_vips = get_configured_vips_list(true); foreach ($interface_list_vips as $id => $vip) { - if ($ignore_if == $vip['if']) + /* Skip CARP interfaces here since they were already checked above */ + if ($id == $ignore_vip_id || (strstr($ignore_if, '_vip') && $ignore_vip_if == $vip['if'])) continue; if (strcasecmp($ipaddr, $vip['ipaddr']) == 0) return true; diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 049b99f..9f4413c 100644 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -119,13 +119,20 @@ if ($_POST) { if (isset($id) && isset($a_vip[$id])) { $ignore_if = $a_vip[$id]['interface']; $ignore_mode = $a_vip[$id]['mode']; + if (isset($a_vip[$id]['vhid'])) + $ignore_vhid = $a_vip[$id]['vhid']; } else { $ignore_if = $_POST['interface']; $ignore_mode = $_POST['mode']; } + if (!isset($ignore_vhid)) + $ignore_vhid = $_POST['vhid']; + if ($ignore_mode == 'carp') - $ignore_if .= "_vip{$id}"; + $ignore_if .= "_vip{$ignore_vhid}"; + else + $ignore_if .= "_virtualip{$id}"; if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) $input_errors[] = gettext("This IP address is being used by another interface or VIP."); |
