From 028ff8f8a3d7c09ee5604d6f3eadcdaaef1610c7 Mon Sep 17 00:00:00 2001
From: Phil Davis <phil.davis@inf.org>
Date: Sun, 5 Jul 2015 23:18:04 +0545
Subject: Fix #4813 validation of enable/disable of gateways and static routes

1) A disabled gateway can always be enabled - no extra validation
needed.
2) When disabling an enabled gateway, check to see that the gateway is
not used in any gateway group or enabled static route (similar tests to
what is already checked before deleting a gateway).
3) A static route can always be disabled - no extra checks needed.
4) When enabling a static route, check that the selected gateway is
enabled - you cannot have a static route enabled on a disabled gateway.
5) Do the address family cross-check between static route and gateway
even when the static route is disabled - we do not want to save
mismatched   IP address families in any case.
This covers all the cases I can see to ensure that the enable/disable
status combinations of Gateways and Static Routes is always valid.
---
 etc/inc/gwlb.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'etc/inc')

diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 0627cb3..9880cdc 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -1033,9 +1033,9 @@ function dhclient_update_gateway_groups_defaultroute($interface = "wan") {
 	}
 }
 
-function lookup_gateway_ip_by_name($name) {
+function lookup_gateway_ip_by_name($name, $disabled = false) {
 
-	$gateways_arr = return_gateways_array(false, true);
+	$gateways_arr = return_gateways_array($disabled, true);
 	foreach ($gateways_arr as $gname => $gw) {
 		if ($gw['name'] === $name || $gname === $name) {
 			return $gw['gateway'];
@@ -1141,7 +1141,7 @@ function get_interface_gateway_v6($interface, &$dynamic = false) {
 
 /* Check a IP address against a gateway IP or name
  * to verify it's address family */
-function validate_address_family($ipaddr, $gwname) {
+function validate_address_family($ipaddr, $gwname, $disabled = false) {
 	$v4ip = false;
 	$v6ip = false;
 	$v4gw = false;
@@ -1168,10 +1168,10 @@ function validate_address_family($ipaddr, $gwname) {
 	}
 
 	/* still no match, carry on, lookup gateways */
-	if (is_ipaddrv4(lookup_gateway_ip_by_name($gwname))) {
+	if (is_ipaddrv4(lookup_gateway_ip_by_name($gwname, $disabled))) {
 		$v4gw = true;
 	}
-	if (is_ipaddrv6(lookup_gateway_ip_by_name($gwname))) {
+	if (is_ipaddrv6(lookup_gateway_ip_by_name($gwname, $disabled))) {
 		$v6gw = true;
 	}
 
-- 
cgit v1.1