From e66503688e06a8ce19875863ee87356bb4ce3cf8 Mon Sep 17 00:00:00 2001
From: Renato Botelho <renato@netgate.com>
Date: Tue, 20 Dec 2016 15:50:17 -0200
Subject: Disable DHCP server on interfaces with subnet >= 31. Fixes #6930

---
 src/usr/local/www/interfaces.php    | 16 ++++++++++++++--
 src/usr/local/www/services_dhcp.php | 30 +++++++++++++++++++++++-------
 2 files changed, 37 insertions(+), 9 deletions(-)

(limited to 'src/usr/local/www')

diff --git a/src/usr/local/www/interfaces.php b/src/usr/local/www/interfaces.php
index 292cd00..234a0c6 100644
--- a/src/usr/local/www/interfaces.php
+++ b/src/usr/local/www/interfaces.php
@@ -548,8 +548,20 @@ if ($_POST['apply']) {
 		$input_errors[] = gettext("The interface description cannot contain only numbers.");
 	}
 	/* input validation */
-	if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable']) && (!preg_match("/^staticv4/", $_POST['type']))) {
-		$input_errors[] = gettext("The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.");
+	if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable'])) {
+		if (!preg_match("/^staticv4/", $_POST['type'])) {
+			$input_errors[] = gettext("The DHCP Server is active " .
+			    "on this interface and it can be used only with " .
+			    "a static IP configuration. Please disable the " .
+			    "DHCP Server service on this interface first, " .
+			    "then change the interface configuration.");
+		} elseif (!empty($_POST['subnet']) && $_POST['subnet'] >= 31) {
+			$input_errors[] = gettext("The DHCP Server is active " .
+			    "on this interface and it can be used only with " .
+			    "IPv4 subnet < 31. Please disable the " .
+			    "DHCP Server service on this interface first, " .
+			    "then change the interface configuration.");
+		}
 	}
 	if (isset($config['dhcpdv6']) && isset($config['dhcpdv6'][$if]['enable']) && ($_POST['type6'] != "staticv6" && $_POST['type6'] != "track6")) {
 		$input_errors[] = gettext("The DHCP6 Server is active on this interface and it can be used only with a static IPv6 configuration. Please disable the DHCPv6 Server service on this interface first, then change the interface configuration.");
diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php
index e8a9da5..36a0f34 100644
--- a/src/usr/local/www/services_dhcp.php
+++ b/src/usr/local/www/services_dhcp.php
@@ -95,15 +95,22 @@ if (!$if || !isset($iflist[$if])) {
 	// First look for an interface with DHCP already enabled.
 	foreach ($iflist as $ifent => $ifname) {
 		$oc = $config['interfaces'][$ifent];
-		if (is_array($config['dhcpd'][$ifent]) && isset($config['dhcpd'][$ifent]['enable']) && (is_ipaddrv4($oc['ipaddr']))) {
+		if (is_array($config['dhcpd'][$ifent]) &&
+		    isset($config['dhcpd'][$ifent]['enable']) &&
+		    is_ipaddrv4($oc['ipaddr']) && $oc['subnet'] < 31) {
 			$if = $ifent;
 			$found_starting_if = true;
 			break;
 		}
 	}
 
-	// If there is no DHCP-enabled interface and LAN is a candidate, then choose LAN.
-	if (!$found_starting_if && isset($iflist['lan']) && is_ipaddrv4($config['interfaces']['lan']['ipaddr'])) {
+	/*
+	 * If there is no DHCP-enabled interface and LAN is a candidate,
+	 * then choose LAN.
+	 */
+	if (!$found_starting_if && isset($iflist['lan']) &&
+	    is_ipaddrv4($config['interfaces']['lan']['ipaddr']) &&
+	    $config['interfaces']['lan']['subnet'] < 31) {
 		$if = 'lan';
 		$found_starting_if = true;
 	}
@@ -112,8 +119,15 @@ if (!$if || !isset($iflist[$if])) {
 	if (!$found_starting_if) {
 		foreach ($iflist as $ifent => $ifname) {
 			$oc = $config['interfaces'][$ifent];
-			if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddrv4($oc['ipaddr']))) ||
-				(!is_array($config['dhcpd'][$ifent]) && (!is_ipaddrv4($oc['ipaddr'])))) {
+
+			/* Not static IPv4 or subnet >= 31 */
+			if (!is_ipaddrv4($oc['ipaddr']) ||
+			    empty($oc['subnet']) || $oc['subnet'] < 31) {
+				continue;
+			}
+
+			if (!is_array($config['dhcpd'][$ifent]) ||
+			    !isset($config['dhcpd'][$ifent]['enable'])) {
 				continue;
 			}
 
@@ -760,8 +774,10 @@ $i = 0;
 
 foreach ($iflist as $ifent => $ifname) {
 	$oc = $config['interfaces'][$ifent];
-	if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddrv4($oc['ipaddr']))) ||
-	    (!is_array($config['dhcpd'][$ifent]) && (!is_ipaddrv4($oc['ipaddr'])))) {
+
+	/* Not static IPv4 or subnet >= 31 */
+	if (!is_ipaddrv4($oc['ipaddr']) ||
+	    empty($oc['subnet']) || $oc['subnet'] >= 31) {
 		continue;
 	}
 
-- 
cgit v1.1