 /**
  * Returns 0 if there is no overlap, 1 if $sub is fully included in $ref, 2 if $sub only partially overlaps $ref.
  * @param string|int[] $sub text such as 192.168.0.2/24, 192.168.0.2 or 192.168.0.2-192.168.0.4, or an array with 'start' and 'end' keys
  * @param string|int[] $ref same forms as $sub
  * @return int
  */
 public static function netMatch($sub, $ref)
 {
     // Bring each operand into ['start' => ..., 'end' => ...] form: arrays are
     // taken as already converted, anything else is handed to the text parser.
     $subRange = is_array($sub) ? $sub : cidr::stringToStartEnd($sub);
     $subStart = $subRange['start'];
     $subEnd = $subRange['end'];

     $refRange = is_array($ref) ? $ref : cidr::stringToStartEnd($ref);
     $refStart = $refRange['start'];
     $refEnd = $refRange['end'];

     // Full inclusion: every address of $sub lies inside $ref.
     if ($subStart >= $refStart && $subEnd <= $refEnd) {
         return 1;
     }

     // Partial overlap: one edge of $sub falls inside $ref, or $sub spans all
     // of $ref. Callers that test the result with "> 0" therefore also accept
     // ranges that extend beyond $ref, not only ranges contained in it.
     $startInsideRef = $subStart >= $refStart && $subStart <= $refEnd;
     $endInsideRef = $subEnd >= $refStart && $subEnd <= $refEnd;
     $spansRef = $subStart <= $refStart && $subEnd >= $refEnd;

     return ($startInsideRef || $endInsideRef || $spansRef) ? 2 : 0;
 }
 /**
  * Builds a new IP4Map holding a single entry parsed from $text.
  *
  * The text is passed to cidr::stringToStartEnd() unchanged; no validation
  * happens in this method, so whatever that parser returns becomes the entry.
  *
  * @param string $text address, network or range in text form
  * @return IP4Map
  */
 public static function mapFromText($text)
 {
     $instance = new IP4Map();
     $parsedRange = cidr::stringToStartEnd($text);
     $instance->_map[] = $parsedRange;

     return $instance;
 }
 /**
  * @param string $ip
  * @return EthernetInterface[]|IPsecTunnel[]|LoopbackInterface[]|AggregateEthernetInterface[]
  */
 function findInterfacesNetworkMatchingIP($ip)
 {
     // Collects every interface that has at least one IPv4 address for which
     // cidr::netMatch($ip, address) is non-zero. Non-zero covers both full
     // inclusion (1) and partial overlap (2), so a range passed as $ip that
     // merely overlaps an interface network is reported as matching too.
     $matches = array();

     // Ethernet and aggregate interfaces are considered only in layer3 mode.
     $layer3Stores = array($this->ethernetIfStore, $this->aggregateEthernetIfStore);
     foreach ($layer3Stores as $store) {
         foreach ($store->getInterfaces() as $candidate) {
             if ($candidate->type() != 'layer3') {
                 continue;
             }
             foreach ($candidate->getLayer3IPv4Addresses() as $address) {
                 if (cidr::netMatch($ip, $address) > 0) {
                     // One matching address is enough; list the interface once.
                     $matches[] = $candidate;
                     break;
                 }
             }
         }
     }

     // Loopback interfaces have no type check and use a different address getter.
     foreach ($this->loopbackIfStore->getInterfaces() as $candidate) {
         foreach ($candidate->getIPv4Addresses() as $address) {
             if (cidr::netMatch($ip, $address) > 0) {
                 $matches[] = $candidate;
                 break;
             }
         }
     }

     return $matches;
 }
 /**
  * Returns 0 if there is no match, 1 if $network is fully included in this object, 2 if $network is only partially matched by this object.
  * @param string|IP4Map $network ie: 192.168.0.2/24, 192.168.0.2, 192.168.0.2-192.168.0.4
  * @return int
  */
 public function includesIP4Network($network)
 {
     // Only netmask and range objects are compared. Every other type returns 0,
     // which here means "not evaluated" as much as "no overlap".
     $isNetmask = $this->type == self::TypeIpNetmask;
     $isRange = $this->type == self::TypeIpRange;
     if (!$isNetmask && !$isRange) {
         return 0;
     }

     // Any object is used as the map as-is; anything else is parsed as text.
     $candidateMap = is_object($network) ? $network : IP4Map::mapFromText($network);

     // Only the first entry of each map takes part in the comparison.
     // NOTE(review): if a map can hold several entries, the remaining ones are
     // ignored here — confirm against IP4Map.
     $candidateEntry = $candidateMap->getFirstMapEntry();
     $ownEntry = $this->getIP4Mapping()->getFirstMapEntry();

     return cidr::netMatch($candidateEntry, $ownEntry);
 }
 /**
  * @return bool|string
  */
 public function destinationIP4Mapping()
 {
     // Hands the stored destination to the shared parser and returns its result
     // untouched.
     // NOTE(review): code consuming this result reads ['start'] and ['end'] from
     // it, which does not fit the documented "bool|string" return type — confirm
     // against cidr::stringToStartEnd() and correct the docblock.
     $destinationText = $this->_destination;

     return cidr::stringToStartEnd($destinationText);
 }
 /**
  * @param VirtualSystem $contextVSYS
  * @param bool $orderByNarrowest
  * @return array
  */
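 public function getIPtoZoneRouteMapping($contextVSYS, $orderByNarrowest = true)
 {
     // Builds the list of IPv4 ranges known to this virtual router and the zone
     // each one resolves to from the point of view of $contextVSYS.
     // Sources are static routes ('origin' => 'static', 'priority' => 2) and the
     // addresses of attached interfaces ('origin' => 'connected', 'priority' => 1).
     // Returns array('ipv4' => list of records, 'ipv6' => array()); each record
     // has the keys network, start, end, zone, origin and priority. Records are
     // ordered by range size (end - start) ascending, then by start.
     //
     // Every route skipped with mwarning() is absent from the result, so anything
     // that derives zones from this table works on incomplete data for that
     // route; the warnings should be reviewed rather than discarded.
     //
     // NOTE(review): $orderByNarrowest is never read; narrowest-first ordering is
     // always applied. 'ipv6' is never populated in this method.
     $ipv4 = array();
     $ipv6 = array();
     $ipv4sort = array();

     foreach ($this->staticRoutes() as $route) {
         $ipv4Mapping = $route->destinationIP4Mapping();
         // Without a start/end array the record below would carry null bounds
         // and still be tied to a zone; skip such a route explicitly instead.
         if (!is_array($ipv4Mapping)) {
             mwarning("route {$route->name()}/{$route->destination()} ignored because its destination could not be converted to an IPv4 start/end range");
             continue;
         }

         $nexthopIf = $route->nexthopInterface();
         $findZone = null;

         if ($nexthopIf !== null) {
             if (!$this->attachedInterfaces->hasInterfaceNamed($nexthopIf->name())) {
                 mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface does not belong to this virtual router'");
                 continue;
             }

             if ($contextVSYS->importedInterfaces->hasInterfaceNamed($nexthopIf->name())) {
                 // Next-hop interface belongs to the context vsys: use its zone.
                 $findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($nexthopIf->name());
                 if ($findZone === null) {
                     mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}'");
                     continue;
                 }
             } else {
                 // Interface is owned by another vsys: look for the external zone
                 // of the context vsys that points at that owner.
                 $findVsys = $contextVSYS->owner->network->findVsysInterfaceOwner($nexthopIf->name());
                 if ($findVsys === null) {
                     mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is attached to no VSYS");
                     continue;
                 }
                 $findZone = $contextVSYS->zoneStore->findZoneWithExternalVsys($findVsys);
                 if ($findZone == null) {
                     mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is attached to wrong vsys '{$findVsys->name()}' and no external zone could be found");
                     continue;
                 }
             }
         } else {
             // Read the type before branching so the warning below reports the
             // type of THIS route; previously the variable was only assigned in
             // the ip-address branch and was undefined or stale in the message.
             $nextHopType = $route->nexthopType();
             if ($nextHopType != 'ip-address') {
                 mwarning("route {$route->name()}/{$route->destination()} ignored because of unknown type '{$nextHopType}'");
                 continue;
             }

             $nexthopIP = $route->nexthopIP();
             foreach ($this->attachedInterfaces->interfaces() as $if) {
                 $isLayer3 = ($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3';
                 if (!$isLayer3 && !$if->isLoopbackType()) {
                     continue;
                 }
                 if (!$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
                     continue;
                 }

                 if ($if->isLoopbackType()) {
                     $ips = $if->getIPv4Addresses();
                 } else {
                     $ips = $if->getLayer3IPv4Addresses();
                 }

                 // Iterate by value: nothing is written back, and a by-reference
                 // loop variable would stay bound to the last element and be
                 // overwritten by the later loops that reuse the same name.
                 foreach ($ips as $interfaceIP) {
                     if (cidr::netMatch($nexthopIP, $interfaceIP) > 0) {
                         $findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
                         if ($findZone === null) {
                             mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$if->name()} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}'");
                             continue;
                         }
                         break;
                     }
                 }
                 if ($findZone !== null) {
                     break;
                 }
             }

             if ($findZone === null) {
                 mwarning("route {$route->name()}/{$route->destination()} ignored because no matching interface was found for nexthop={$nexthopIP}");
                 continue;
             }
         }

         $record = array('network' => $route->destination(), 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'static', 'priority' => 2);
         // Bucket by range size first, then by start address, for the final sort.
         $ipv4sort[$record['end'] - $record['start']][$record['start']][] = $record;
     }

     foreach ($this->attachedInterfaces->interfaces() as $if) {
         if (!$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
             continue;
         }

         if (($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3') {
             $useLayer3Addresses = true;
         } elseif ($if->isLoopbackType()) {
             $useLayer3Addresses = false;
         } else {
             continue;
         }

         $findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
         if ($findZone === null) {
             // Interface without a zone in this vsys contributes no record.
             continue;
         }

         $ipAddresses = $useLayer3Addresses ? $if->getLayer3IPv4Addresses() : $if->getIPv4Addresses();
         foreach ($ipAddresses as $interfaceIP) {
             $ipv4Mapping = cidr::stringToStartEnd($interfaceIP);
             // Same guard as for static routes: no record with null bounds.
             if (!is_array($ipv4Mapping)) {
                 mwarning("interface {$if->name()} address {$interfaceIP} ignored because it could not be converted to an IPv4 start/end range");
                 continue;
             }
             $record = array('network' => $interfaceIP, 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'connected', 'priority' => 1);
             $ipv4sort[$record['end'] - $record['start']][$record['start']][] = $record;
         }
     }

     // Flatten the buckets: smallest range first, then lowest start address;
     // records sharing both keep their insertion order.
     ksort($ipv4sort);
     foreach ($ipv4sort as $recordsByStart) {
         ksort($recordsByStart);
         foreach ($recordsByStart as $records) {
             foreach ($records as $record) {
                 $ipv4[] = $record;
             }
         }
     }

     return array('ipv4' => $ipv4, 'ipv6' => $ipv6);
 }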