diff options
author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-20 10:48:39 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-20 10:55:02 -0600 |
commit | 9603306327f07205ac69ea99b8c0666ba9dc8a1d (patch) | |
tree | 105765d1e09bbb9eea4dacfb7ff0f2cb1f943a89 /etc | |
parent | 986a3accd40a7d45c0a3d48d2b42d2c58a231d99 (diff) | |
download | pfsense-9603306327f07205ac69ea99b8c0666ba9dc8a1d.zip pfsense-9603306327f07205ac69ea99b8c0666ba9dc8a1d.tar.gz |
Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly affecting 64-bit. Ticket #459
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/openvpn.inc | 18 | ||||
-rw-r--r-- | etc/inc/util.inc | 26 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 10 |
3 files changed, 32 insertions, 22 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 72630e7..3fe4574 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -363,9 +363,9 @@ function openvpn_reconfigure($mode,& $settings) { switch($settings['mode']) { case 'p2p_tls': case 'p2p_shared_key': - $baselong = ip2long($ip) & ip2long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & ip2long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig $ip1 $ip2\n"; break; case 'server_tls': @@ -463,9 +463,9 @@ function openvpn_reconfigure($mode,& $settings) { if (!empty($settings['tunnel_network'])) { list($ip, $mask) = explode('/', $settings['tunnel_network']); $mask = gen_subnet_mask($mask); - $baselong = ip2long($ip) & ip2long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & ip2long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig $ip2 $ip1\n"; } @@ -626,9 +626,9 @@ function openvpn_resync_csc(& $settings) { if (!empty($settings['tunnel_network'])) { list($ip, $mask) = explode('/', $settings['tunnel_network']); - $baselong = ip2long($ip) & gen_subnet_mask_long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & gen_subnet_mask_long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig-push {$ip1} {$ip2}\n"; } diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 930f9ac..0828bbf 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -198,7 +198,7 @@ function gen_subnet_max($ipaddr, $bits) { if (!is_ipaddr($ipaddr) || !is_numeric($bits)) return ""; - return long2ip(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); + return long2ip32(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); } /* returns a subnet mask (long given a bit count) */ @@ -216,9 +216,19 @@ function gen_subnet_mask($bits) { return long2ip(gen_subnet_mask_long($bits)); } +/* Convert long int to IP address, truncating to 32-bits. */ +function long2ip32($ip) { + return long2ip($ip & 0xFFFFFFFF); +} + +/* Convert IP address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. */ +function ip2long32($ip) { + return ( ip2long($ip) & 0xFFFFFFFF ); +} + /* Convert IP address to unsigned long int. */ function ip2ulong($ip) { - return sprintf("%u", ip2long($ip)); + return sprintf("%u", ip2long32($ip)); } /* Find out how many IPs are contained within a given IP range @@ -246,12 +256,12 @@ function find_smallest_cidr($number) { /* Return the previous IP address before the given address */ function ip_before($ip) { - return long2ip(ip2long($ip)-1); + return long2ip32(ip2long($ip)-1); } /* Return the next IP address after the given address */ function ip_after($ip) { - return long2ip(ip2long($ip)+1); + return long2ip32(ip2long($ip)+1); } /* Return true if the first IP is 'before' the second */ @@ -347,7 +357,7 @@ function is_ipaddr($ipaddr) { return false; $ip_long = ip2long($ipaddr); - $ip_reverse = long2ip($ip_long); + $ip_reverse = long2ip32($ip_long); if ($ipaddr == $ip_reverse) return true; @@ -891,9 +901,9 @@ function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) { /* compare two IP addresses */ function ipcmp($a, $b) { - if (ip2long($a) < ip2long($b)) + if (ip_less_than($a, $b)) return -1; - else if (ip2long($a) > ip2long($b)) + else if (ip_greater_than($a, $b)) return 1; else return 0; @@ -902,7 +912,7 @@ function ipcmp($a, $b) { /* return true if $addr is in $subnet, false if not */ function ip_in_subnet($addr,$subnet) { list($ip, $mask) = explode('/', $subnet); - $mask = 0xffffffff << (32 - $mask); + $mask = (0xffffffff << (32 - $mask)) & 0xffffffff; return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index f2343e1..c874a83 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -343,8 +343,8 @@ function vpn_ipsec_configure($ipchg = false) $pool_address = $a_client['pool_address']; $pool_netmask = gen_subnet_mask($a_client['pool_netbits']); - $pool_address = long2ip(ip2long($pool_address)+1); - $pool_size = ~ip2long($pool_netmask) - 2; + $pool_address = long2ip32(ip2long($pool_address)+1); + $pool_size = (~ip2long($pool_netmask) & 0xFFFFFFFF) - 2; $racoonconf .= "\tpool_size {$pool_size};\n"; $racoonconf .= "\tnetwork4 {$pool_address};\n"; @@ -1012,7 +1012,7 @@ EOD; for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { - $clientip = long2ip(ip2long($pptpdcfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($pptpdcfg['remoteip']) + $i); $mpdconf .= <<<EOD @@ -1219,7 +1219,7 @@ EOD; for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) { - $clientip = long2ip(ip2long($pppoecfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i); if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['enable'])) { $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0"; @@ -1409,7 +1409,7 @@ EOD; for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) { - $clientip = long2ip(ip2long($l2tpcfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($l2tpcfg['remoteip']) + $i); if (isset ($l2tpcfg['radius']['radiusissueips']) && isset ($l2tpcfg['radius']['enable'])) { $isssue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 0.0.0.0/0"; |