diff options
author | Phil Davis <phil.davis@inf.org> | 2017-01-22 14:13:50 +0545 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2017-01-23 18:21:53 -0200 |
commit | 5050b79277d1f5944d786d63699feda013179c5b (patch) | |
tree | c8dc20d7df32d2c9547231c37e83874b979c8e59 /src | |
parent | 5af7e158ec444cc186235ce64a4d03ef37bdf230 (diff) | |
download | pfsense-5050b79277d1f5944d786d63699feda013179c5b.zip pfsense-5050b79277d1f5944d786d63699feda013179c5b.tar.gz |
Always force compress when calling Net_IPv6
(cherry picked from commit 587995fb57f91894d1f8eb6b296a9fe2fa111fac)
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/interfaces.inc | 6 | ||||
-rw-r--r-- | src/etc/inc/ipsec.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/openvpn.inc | 4 | ||||
-rw-r--r-- | src/etc/inc/pfsense-utils.inc | 4 | ||||
-rw-r--r-- | src/etc/inc/util.inc | 17 | ||||
-rw-r--r-- | src/usr/local/www/services_dhcpv6.php | 8 |
6 files changed, 28 insertions, 13 deletions
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 7a08fc2..cd2710f 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -3850,7 +3850,7 @@ function interface_6to4_configure($interface = "wan", $wancfg) { foreach ($stfbrbinarr as $bin) { $stfbrarr[] = dechex(bindec($bin)); } - $stfbrgw = Net_IPv6::compress(implode(":", $stfbrarr)); + $stfbrgw = text_to_compressed_ip6(implode(":", $stfbrarr)); /* convert the 128 bits for the broker address back into a valid IPv6 address */ $stflanarr = array(); @@ -3859,9 +3859,9 @@ function interface_6to4_configure($interface = "wan", $wancfg) { foreach ($stflanbinarr as $bin) { $stflanarr[] = dechex(bindec($bin)); } - $stflanpr = Net_IPv6::compress(implode(":", $stflanarr)); + $stflanpr = text_to_compressed_ip6(implode(":", $stflanarr)); $stflanarr[7] = 1; - $stflan = Net_IPv6::compress(implode(":", $stflanarr)); + $stflan = text_to_compressed_ip6(implode(":", $stflanarr)); /* setup the stf interface */ if (!is_module_loaded("if_stf")) { diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc index faa4cab..2d02ff6 100644 --- a/src/etc/inc/ipsec.inc +++ b/src/etc/inc/ipsec.inc @@ -746,7 +746,7 @@ function ipsec_get_phase1($ikeid) { function ipsec_fixup_ip($ipaddr) { if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr)) { - return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr)); + return text_to_compressed_ip6($ipaddr); } else { return $ipaddr; } diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index 2e80d70..ff3ab16 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -1749,8 +1749,8 @@ function openvpn_get_interface_ipv6($ipv6, $prefix) { // Is there a better way to do this math? $ipv6_arr = explode(':', $basev6); $last = hexdec(array_pop($ipv6_arr)); - $ipv6_1 = Net_IPv6::compress(Net_IPv6::uncompress(implode(':', $ipv6_arr) . ':' . dechex($last + 1))); - $ipv6_2 = Net_IPv6::compress(Net_IPv6::uncompress(implode(':', $ipv6_arr) . ':' . dechex($last + 2))); + $ipv6_1 = text_to_compressed_ip6(implode(':', $ipv6_arr) . ':' . dechex($last + 1)); + $ipv6_2 = text_to_compressed_ip6(implode(':', $ipv6_arr) . ':' . dechex($last + 2)); return array($ipv6_1, $ipv6_2); } diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 1df790b..4e002b2 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -3135,7 +3135,7 @@ function convert_128bit_to_ipv6($ip6bin) { foreach ($ip6binarr as $binpart) { $ip6arr[] = dechex(bindec($binpart)); } - $ip6addr = Net_IPv6::compress(implode(":", $ip6arr)); + $ip6addr = text_to_compressed_ip6(implode(":", $ip6arr)); return($ip6addr); } @@ -3217,7 +3217,7 @@ function merge_ipv6_delegated_prefix($prefix, $suffix, $len = 64) { break; } - return Net_IPv6::compress(substr($prefix, 0, $prefix_len) . + return text_to_compressed_ip6(substr($prefix, 0, $prefix_len) . substr($suffix, $prefix_len)); } diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 665806d..3e8a948 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -373,7 +373,7 @@ function gen_subnetv4($ipaddr, $bits) { /* same as gen_subnet() but accepts IPv6 only */ function gen_subnetv6($ipaddr, $bits) { if (is_ipaddrv6($ipaddr) && is_numericint($bits) && $bits <= 128) { - return Net_IPv6::compress(Net_IPv6::getNetmask($ipaddr, $bits)); + return text_to_compressed_ip6(Net_IPv6::getNetmask($ipaddr, $bits)); } return ""; } @@ -450,6 +450,21 @@ function ip2ulong($ip) { return sprintf("%u", ip2long32($ip)); } +/* + * Convert textual IPv6 address string to compressed address + */ +function text_to_compressed_ip6($text) { + // Force re-compression by passing parameter 2 (force) true. + // This ensures that supposedly-compressed formats are uncompressed + // first then re-compressed into strictly correct form. + // e.g. 2001:0:0:4:0:0:0:1 + // 2001::4:0:0:0:1 is a strictly-incorrect compression, + // but maybe the user entered it like that. + // The "force" parameter will ensure it is returned as: + // 2001:0:0:4::1 + return Net_IPv6::compress($text, true); +} + /* Find out how many IPs are contained within a given IP range * e.g. 192.168.0.0 to 192.168.0.255 returns 256 */ diff --git a/src/usr/local/www/services_dhcpv6.php b/src/usr/local/www/services_dhcpv6.php index 7f5780e..d70961e 100644 --- a/src/usr/local/www/services_dhcpv6.php +++ b/src/usr/local/www/services_dhcpv6.php @@ -259,9 +259,9 @@ if (isset($_POST['apply'])) { $_POST['prefixrange_length']) { $netmask = Net_IPv6::getNetmask($_POST['prefixrange_from'], $_POST['prefixrange_length']); - $netmask = Net_IPv6::compress($netmask); + $netmask = text_to_compressed_ip6($netmask); - if ($netmask != Net_IPv6::compress(strtolower( + if ($netmask != text_to_compressed_ip6(strtolower( $_POST['prefixrange_from']))) { $input_errors[] = sprintf(gettext( "Prefix Delegation From address is not a valid IPv6 Netmask for %s"), @@ -270,9 +270,9 @@ if (isset($_POST['apply'])) { $netmask = Net_IPv6::getNetmask($_POST['prefixrange_to'], $_POST['prefixrange_length']); - $netmask = Net_IPv6::compress($netmask); + $netmask = text_to_compressed_ip6($netmask); - if ($netmask != Net_IPv6::compress(strtolower( + if ($netmask != text_to_compressed_ip6(strtolower( $_POST['prefixrange_to']))) { $input_errors[] = sprintf(gettext( "Prefix Delegation To address is not a valid IPv6 Netmask for %s"), |