author | Renato Botelho <garga@FreeBSD.org> | 2013-02-11 18:33:26 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-02-11 18:35:50 -0200 |
commit | e6c60013283ea203853e0bc34158e185016f4df6 (patch) | |
tree | 0f9e643beb4cdd347379a63d708fdd27a2e9a434 /etc/inc | |
parent | 699125b18256a9270c28be75f8579b456f39035e (diff) | |
Check interfaces and VIP IP address overlap
- Check if interface IP overlaps other interfaces or localip from mpd
based services
- Check if VIPs IP overlaps interfaces or other VIPs address
It fixes #1723
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/pfsense-utils.inc | 42 | ||||
-rw-r--r-- | etc/inc/util.inc | 14 |
2 files changed, 45 insertions, 11 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 63cc465..bba28dd 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -2431,22 +2431,42 @@ function load_mac_manufacturer_table() {
 * returns true if the IP Address is
 * configured and present on this device.
 */
-function is_ipaddr_configured($ipaddr) {
- $interface_list_ips = get_configured_ip_addresses();
- foreach($interface_list_ips as $ilips) {
- if(strcasecmp($ipaddr, $ilips) == 0)
- return true;
+function is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = false, $check_subnets = false) {
+ global $config;
+
+ if ($check_subnets) {
+ $iflist = get_configured_interface_list();
+ foreach ($iflist as $if => $ifname) {
+ if ($ignore_if == $if)
+ continue;
+ $bitmask = get_interface_subnet($if);
+ $subnet = gen_subnet(get_interface_ip($if), $bitmask);
+ if (ip_in_subnet($ipaddr, $subnet . '/' . $bitmask))
+ return true;
+ }
+ } else {
+ $interface_list_ips = get_configured_ip_addresses();
+ foreach($interface_list_ips as $if => $ilips) {
+ if ($ignore_if == $if)
+ continue;
+ if (strcasecmp($ipaddr, $ilips) == 0)
+ return true;
+ }
 }
- $interface_list_ips = get_configured_ip_aliases_list();
- foreach($interface_list_ips as $key => $ilips) {
- if(strcasecmp($ipaddr, $key) == 0)
+ $interface_list_vips = get_configured_vips_list();
+ foreach($interface_list_vips as $id => $vip) {
+ if ($ignore_if == "vip_" . $id)
+ continue;
+ if (strcasecmp($ipaddr, $vip['ipaddr']) == 0)
 return true;
 }
- $interface_list_ips = get_configured_carp_interface_list();
- foreach($interface_list_ips as $ilips) {
- if(strcasecmp($ipaddr, $ilips) == 0)
+ if ($check_localip) {
+ if (isset($config['pptpd']['localip']) && (strcasecmp($ipaddr, $config['pptpd']['localip']) == 0))
+ return true;
+
+ if (isset($config['l2tp']['localip']) && (strcasecmp($ipaddr, $config['l2tp']['localip']) == 0))
 return true;
 }
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 4404815..33914ae 100644
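Review bot: In the `$check_subnets` branch the results of `get_interface_ip($if)` and `get_interface_subnet($if)` are used without checking that the interface actually has an address; for an interface with no IPv4 address the string handed to `ip_in_subnet()` would presumably be just `/`, and what that returns is not visible here, so the overlap check could give a wrong answer in either direction. A guard before `gen_subnet()` such as `$ifip = get_interface_ip($if); if (empty($ifip) || empty($bitmask)) continue;` would limit the test to interfaces that have a subnet. This branch also replaces the exact-address match rather than adding to it, while VIPs and the pptpd/l2tp `localip` values are still compared by exact string only, so an address that falls inside a VIP's network is not reported. The function's closing lines are outside the hunk.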
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -740,6 +740,20 @@ function get_configured_ip_aliases_list($returnfullentry = false) {
 return $alias_list;
 }
+/* return all configured aliases list (IP, carp, proxyarp and other) */
+function get_configured_vips_list() {
+ global $config;
+
+ $alias_list=array();
+
+ if(is_array($config['virtualip']['vip'])) {
+ $viparr = &$config['virtualip']['vip'];
+ foreach ($viparr as $vip)
+ $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => $vip['interface']);
+ }
+
+ return $alias_list;
+}
 /* comparison function for sorting by the order in which interfaces are normally created */
 function compare_interface_friendly_names($a, $b) { |
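Review bot: `get_configured_vips_list()` keeps only the address and interface of each VIP, so the caller in `is_ipaddr_configured()` can only do an exact string match on `$vip['ipaddr']`; if a VIP entry describes a network or range rather than a single host, which the source field name `subnet` suggests is possible, an interface address inside it is not detected as an overlap. Returning the prefix length alongside the address would let the caller test containment. Separately, `$viparr = &$config['virtualip']['vip'];` takes a reference into the global configuration for a read-only loop; iterating by value, `foreach ($config['virtualip']['vip'] as $vip)`, removes any chance of a later edit writing through it. The header comment should also state that the returned list is indexed by position in `$config['virtualip']['vip']`, since the caller builds its `"vip_" . $id` ignore key from that index.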