From e6c60013283ea203853e0bc34158e185016f4df6 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 11 Feb 2013 18:33:26 -0200 Subject: Check interfaces and VIP IP address overlap - Check if interface IP overlaps other interfaces or localip from mpd based services - Check if VIPs IP overlaps interfaces or other VIPs address It fixes #1723 --- usr/local/www/firewall_virtual_ip_edit.php | 20 ++++++-------------- usr/local/www/interfaces.php | 8 ++++++-- 2 files changed, 12 insertions(+), 16 deletions(-) (limited to 'usr') diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 8682d5e..4e257ac 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -110,15 +110,17 @@ if ($_POST) { if ($_POST['subnet']) $_POST['subnet'] = trim($_POST['subnet']); - if (($_POST['subnet'] && !is_ipaddr($_POST['subnet']))) - $input_errors[] = gettext("A valid IP address must be specified."); + if ($_POST['subnet']) { + if (!is_ipaddr($_POST['subnet'])) + $input_errors[] = gettext("A valid IP address must be specified."); + else if (is_ipaddr_configured($_POST['subnet'], "vip_" . $id, true)) + $input_errors[] = gettext("This IPv4 address is being used by another interface or VIP."); + } $natiflist = get_configured_interface_with_descr(); foreach ($natiflist as $natif => $natdescr) { if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP."); - if ($_POST['subnet'] == get_interface_ip($natif)) - $input_errors[] = sprintf(gettext("The %s IP address may not be used in a virtual entry."),$natdescr); } if(is_ipaddrv4($_POST['subnet'])) { @@ -129,16 +131,6 @@ if ($_POST) { if(($_POST['subnet_bits'] == "127" or $_POST['subnet_bits'] == "128") and $_POST['mode'] == "carp") $input_errors[] = gettext("The /127 and /128 subnet mask are invalid for CARP IPs."); } - /* check for overlaps with other virtual IP */ - foreach ($a_vip as $vipent) { - if (isset($id) && ($a_vip[$id]) && ($a_vip[$id] === $vipent)) - continue; - - if (isset($_POST['subnet']) && $_POST['subnet'] == $vipent['subnet']) { - $input_errors[] = gettext("There is already a virtual IP entry for the specified IP address."); - break; - } - } /* make sure new ip is within the subnet of a valid ip * on one of our interfaces (wan, lan optX) diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 73b6620..fcd7b51 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -544,8 +544,12 @@ if ($_POST['apply']) { /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ $_POST['spoofmac'] = strtolower(str_replace("-", ":", $_POST['spoofmac'])); - if (($_POST['ipaddr'] && !is_ipaddrv4($_POST['ipaddr']))) - $input_errors[] = gettext("A valid IPv4 address must be specified."); + if ($_POST['ipaddr']) { + if (!is_ipaddrv4($_POST['ipaddr'])) + $input_errors[] = gettext("A valid IPv4 address must be specified."); + else if (is_ipaddr_configured($_POST['ipaddr'], $if, true, true)) + $input_errors[] = gettext("This IPv4 address is being used by another interface or VIP."); + } if (($_POST['ipaddrv6'] && !is_ipaddrv6($_POST['ipaddrv6']))) $input_errors[] = gettext("A valid IPv6 address must be specified."); if (($_POST['subnet'] && !is_numeric($_POST['subnet']))) -- cgit v1.1