aboutsummaryrefslogtreecommitdiffstats
path: root/config/iprangealiases/iprangealiases.patch
diff options
context:
space:
mode:
Diffstat (limited to 'config/iprangealiases/iprangealiases.patch')
-rw-r--r--config/iprangealiases/iprangealiases.patch249
1 files changed, 249 insertions, 0 deletions
diff --git a/config/iprangealiases/iprangealiases.patch b/config/iprangealiases/iprangealiases.patch
new file mode 100644
index 00000000..6e1cdabb
--- /dev/null
+++ b/config/iprangealiases/iprangealiases.patch
@@ -0,0 +1,249 @@
+--- /etc/inc/util.inc.orig 2010-03-09 13:01:37.000000000 -0500
++++ /etc/inc/util.inc 2010-03-09 13:01:40.000000000 -0500
+@@ -78,6 +78,127 @@
+ return long2ip(gen_subnet_mask_long($bits));
+ }
+
++/* Convert IP address to unsigned long int. */
++function ip2ulong($ip) {
++ return sprintf("%u", ip2long($ip));
++}
++
++/* Find out how many IPs are contained within a given IP range
++ * e.g. 192.168.0.0 to 192.168.0.255 returns 256
++ */
++function ip_range_size($startip, $endip) {
++ if (is_ipaddr($startip) && is_ipaddr($endip)) {
++ // Operate as unsigned long because otherwise it wouldn't work
++ // when crossing over from 127.255.255.255 / 128.0.0.0 barrier
++ return abs(ip2ulong($startip) - ip2ulong($endip)) + 1;
++ }
++ return -1;
++}
++
++/* Find the smallest possible subnet mask which can contain a given number of IPs
++ * e.g. 512 IPs can fit in a /23, but 513 IPs need a /22
++ */
++function find_smallest_cidr($number) {
++ $smallest = 1;
++ for ($b=32; $b > 0; $b--) {
++ $smallest = ($number <= pow(2,$b)) ? $b : $smallest;
++ }
++ return (32-$smallest);
++}
++
++/* Return the previous IP address before the given address */
++function ip_before($ip) {
++ return long2ip(ip2long($ip)-1);
++}
++
++/* Return the next IP address after the given address */
++function ip_after($ip) {
++ return long2ip(ip2long($ip)+1);
++}
++
++/* Return true if the first IP is 'before' the second */
++function ip_less_than($ip1, $ip2) {
++ // Compare as unsigned long because otherwise it wouldn't work when
++ // crossing over from 127.255.255.255 / 128.0.0.0 barrier
++ return ip2ulong($ip1) < ip2ulong($ip2);
++}
++
++/* Return true if the first IP is 'after' the second */
++function ip_greater_than($ip1, $ip2) {
++ // Compare as unsigned long because otherwise it wouldn't work
++ // when crossing over from 127.255.255.255 / 128.0.0.0 barrier
++ return ip2ulong($ip1) > ip2ulong($ip2);
++}
++
++/* Convert a range of IPs to an array of subnets which can contain the range. */
++function ip_range_to_subnet_array($startip, $endip) {
++ if (!is_ipaddr($startip) || !is_ipaddr($endip)) {
++ return array();
++ }
++
++ // Container for subnets within this range.
++ $rangesubnets = array();
++
++ // Figure out what the smallest subnet is that holds the number of IPs in the given range.
++ $cidr = find_smallest_cidr(ip_range_size($startip, $endip));
++
++ // Loop here to reduce subnet size and retest as needed. We need to make sure
++ // that the target subnet is wholly contained between $startip and $endip.
++ for ($cidr; $cidr <= 32; $cidr++) {
++ // Find the network and broadcast addresses for the subnet being tested.
++ $targetsub_min = gen_subnet($startip, $cidr);
++ $targetsub_max = gen_subnet_max($startip, $cidr);
++
++ // Check best case where the range is exactly one subnet.
++ if (($targetsub_min == $startip) && ($targetsub_max == $endip)) {
++ // Hooray, the range is exactly this subnet!
++ return array("{$startip}/{$cidr}");
++ }
++
++ // These remaining scenarios will find a subnet that uses the largest
++ // chunk possible of the range being tested, and leave the rest to be
++ // tested recursively after the loop.
++
++ // Check if the subnet begins with $startip and ends before $endip
++ if (($targetsub_min == $startip) && ip_less_than($targetsub_max, $endip)) {
++ break;
++ }
++
++ // Check if the subnet ends at $endip and starts after $startip
++ if (ip_greater_than($targetsub_min, $startip) && ($targetsub_max == $endip)) {
++ break;
++ }
++
++ // Check if the subnet is between $startip and $endip
++ if (ip_greater_than($targetsub_min, $startip) && ip_less_than($targetsub_max, $endip)) {
++ break;
++ }
++ }
++
++ // Some logic that will recursivly search from $startip to the first IP before the start of the subnet we just found.
++ // NOTE: This may never be hit, the way the above algo turned out, but is left for completeness.
++ if ($startip != $targetsub_min) {
++ $rangesubnets = array_merge($rangesubnets, ip_range_to_subnet_array($startip, ip_before($targetsub_min)));
++ }
++
++ // Add in the subnet we found before, to preserve ordering
++ $rangesubnets[] = "{$targetsub_min}/{$cidr}";
++
++ // And some more logic that will search after the subnet we found to fill in to the end of the range.
++ if ($endip != $targetsub_max) {
++ $rangesubnets = array_merge($rangesubnets, ip_range_to_subnet_array(ip_after($targetsub_max), $endip));
++ }
++ return $rangesubnets;
++}
++
++function is_iprange($range) {
++ if (substr_count($range, '-') != 1) {
++ return false;
++ }
++ list($ip1, $ip2) = explode ('-', $range);
++ return (is_ipaddr($ip1) && is_ipaddr($ip2));
++}
++
+ function is_numericint($arg) {
+ return (preg_match("/[^0-9]/", $arg) ? false : true);
+ }
+--- /usr/local/www/firewall_aliases_edit.php.orig 2010-03-09 13:08:12.000000000 -0500
++++ /usr/local/www/firewall_aliases_edit.php 2010-03-10 15:49:57.000000000 -0500
+@@ -96,11 +96,6 @@
+ $reqdfields = explode(" ", "name address");
+ $reqdfieldsn = explode(",", "Name,Address");
+
+- if ($_POST['type'] == "network") {
+- $reqdfields[] = "address_subnet";
+- $reqdfieldsn[] = "Subnet bit count";
+- }
+-
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "lan")
+@@ -122,10 +117,13 @@
+ $input_errors[] = "A valid address must be specified.";
+ }
+ if ($_POST['type'] == "network") {
+- if (!is_ipaddr($_POST['address'])) {
++ if (!is_numeric($_POST['address_subnet']) && !is_iprange($_POST['address'])) {
++ $input_errors[] = "Subnet bit count must be specified";
++ }
++ if (!is_ipaddr($_POST['address']) && !is_iprange($_POST['address'])) {
+ $input_errors[] = "A valid address must be specified.";
+ }
+- if (!is_numeric($_POST['address_subnet'])) {
++ if (!is_numeric($_POST['address_subnet']) && !is_iprange($_POST['address'])) {
+ $input_errors[] = "A valid subnet bit count must be specified.";
+ }
+ }
+@@ -160,21 +158,28 @@
+
+ $alias = array();
+ $alias['name'] = $_POST['name'];
+- if ($_POST['type'] == "network")
+- $alias['address'] = $_POST['address'] . "/" . $_POST['address_subnet'];
+
+- else
++ $count = 1;
++ if ($_POST['type'] == "network") {
++ if (is_iprange($_POST['address'])) {
++ list($startip, $endip) = explode('-', $_POST["address"]);
++ $rangesubnets = ip_range_to_subnet_array($startip, $endip);
++ $count = count($rangesubnets);
++ $alias['address'] .= implode($rangesubnets, ' ');
++ } else {
++ $alias['address'] = $_POST['address'] . "/" . $_POST['address_subnet'];
++ }
++ } else {
+ $alias['address'] = $_POST['address'];
++ }
+
+ $address = $alias['address'];
+ $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto");
+- if($final_address_detail <> "") {
+- $final_address_details .= $final_address_detail;
++ if($final_address_detail <> "") {
++ $final_address_details .= str_repeat($final_address_detail . "||", $count);
+ } else {
+- $final_address_details .= "Entry added" . " ";
+- $final_address_details .= date('r');
+- }
+- $final_address_details .= "||";
++ $final_address_details .= str_repeat("Entry added " . date('r') . "||", $count);
++ }
+ $isfirst = 0;
+
+ if($_POST['type'] == "url") {
+@@ -234,28 +239,38 @@
+ } else {
+ /* item is a normal alias type */
+ for($x=0; $x<299; $x++) {
++ $count = 1;
+ $comd = "\$subnet = \$_POST['address" . $x . "'];";
+ eval($comd);
+ $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];";
+ eval($comd);
+ if($subnet <> "") {
+- $address .= " ";
+- $address .= $subnet;
+- if($subnet_address <> "") $address .= "/" . $subnet_address;
++ if ($_POST['type'] == "network" && is_iprange($subnet)) {
++ list($startip, $endip) = explode('-', $subnet);
++ $rangesubnets = ip_range_to_subnet_array($startip, $endip);
++ $count = count($rangesubnets);
++ if ($address <> "") {
++ $address .= " ";
++ }
++ $address .= implode($rangesubnets, ' ');
++ } else {
++ $address .= " " . $subnet;
++ if ($subnet_address <> "") {
++ $address .= "/" . $subnet_address;
++ }
++ }
+
+ /* Compress in details to a single key, data separated by pipes.
+ Pulling details here lets us only pull in details for valid
+ address entries, saving us from having to track which ones to
+ process later. */
+- $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');";
+- eval($comd);
+- if($final_address_detail <> "") {
+- $final_address_details .= $final_address_detail;
+- } else {
+- $final_address_details .= "Entry added" . " ";
+- $final_address_details .= date('r');
+- }
+- $final_address_details .= "||";
++ $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');";
++ eval($comd);
++ if($final_address_detail <> "") {
++ $final_address_details .= str_repeat($final_address_detail . "||", $count);
++ } else {
++ $final_address_details .= str_repeat("Entry added " . date('r') . "||", $count);
++ }
+ }
+ }
+ }