/**
 * Build the value => label option list of addresses offered as translation networks.
 *
 * Entries are added in this order: addresses of the interfaces in $config
 * (entries set to 'dhcp' are left out), virtual IPs that do not carry the
 * 'noexpand' flag, and aliases of type "host".
 *
 * Virtual IP labels are passed through htmlspecialchars() here; interface and
 * alias labels are returned exactly as stored.
 * NOTE(review): only part of the list is encoded in this function - confirm that
 * the code printing these labels escapes the remaining ones.
 *
 * @return array option value => display label
 */
function formTranslateAddresses()
{
    global $config;

    $options = array();

    // addresses configured on this host's own interfaces
    foreach ($config['interfaces'] as $ifname => $ifcfg) {
        if (!isset($ifcfg['ipaddr']) || $ifcfg['ipaddr'] == 'dhcp') {
            continue;
        }
        // fall back to the interface key when no description is set
        $label = !empty($ifcfg['descr']) ? $ifcfg['descr'] : $ifname;
        $options[$ifcfg['ipaddr']] = $label . " " . gettext("address");
    }

    // virtual IPs
    if (isset($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $sn) {
            if (isset($sn['noexpand'])) {
                continue;
            }

            if ($sn['mode'] != "proxyarp" || $sn['type'] != "network") {
                // single-address VIP: one entry keyed by its address
                $options[$sn['subnet']] = htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");
                continue;
            }

            // proxy ARP network: one entry for the subnet, then one entry per
            // address, so the list grows with the size of the subnet
            $first = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
            $last = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
            $span = $last - $first;
            $options[$sn['subnet'] . '/' . $sn['subnet_bits']] = htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");
            $offset = 0;
            while ($offset <= $span) {
                $snip = long2ip32($first + $offset);
                $options[$snip] = htmlspecialchars("{$snip} ({$sn['descr']})");
                $offset++;
            }
        }
    }

    // host aliases: the alias name is both value and label
    foreach (legacy_list_aliases("network") as $alias) {
        if ($alias['type'] != "host") {
            continue;
        }
        $options[$alias['name']] = $alias['name'];
    }

    return $options;
}
} } if (is_array($config['virtualip']) && isset($pkga['showvirtualips'])) { foreach ($config['virtualip']['vip'] as $vip) { if (!preg_match("/{$interface_regex}/", $vip['interface'])) { $vip_description = $vip['descr'] != "" ? " ({$vip['descr']}) " : " "; } switch ($vip['mode']) { case "ipalias": case "carp": $ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}"); break; case "proxyarp": if ($vip['type'] == "network") { $start = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits'])); $end = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits'])); $len = $end - $start; for ($i = 0; $i <= $len; $i++) { $ips[] = array('ip' => long2ip32($start + $i), 'description' => long2ip32($start + $i) . " from {$vip['subnet']}/{$vip['subnet_bits']} {$vip_description}"); } } else { $ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}"); } break; } } } sort($ips); if (isset($pkga['showlistenall'])) { array_unshift($ips, array('ip' => gettext('All'), 'description' => gettext('Listen on All interfaces/ip addresses '))); }
/**
 * Build the value => label list of selectable targets.
 *
 * The list starts with an empty-key "Interface Address" entry, continues with
 * the virtual IPs from $config that are not flagged 'noexpand', then the
 * aliases of type "host" from $a_aliases, and ends with the 'other-subnet' entry.
 *
 * The loop variable $sn is declared global, so it is left holding the last
 * virtual IP visited when the function returns.
 *
 * NOTE(review): descriptions are concatenated into the labels without HTML
 * encoding - confirm the code that prints them escapes on output.
 *
 * @return array option value => display label
 */
function build_target_list()
{
    global $config, $sn, $a_aliases;

    $targets = array("" => gettext('Interface Address'));

    if (is_array($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $sn) {
            if (isset($sn['noexpand'])) {
                continue;
            }

            if ($sn['mode'] != "proxyarp" || $sn['type'] != "network") {
                // single-address VIP
                $targets[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
                continue;
            }

            // proxy ARP network: a subnet entry followed by one entry per address
            $first = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
            $last = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
            $span = $last - $first;
            $targets[$sn['subnet'] . '/' . $sn['subnet_bits']] = 'Subnet: ' . $sn['subnet'] . '/' . $sn['subnet_bits'] . ' (' . $sn['descr'] . ')';
            $offset = 0;
            while ($offset <= $span) {
                $address = long2ip32($first + $offset);
                $targets[$address] = $address . ' (' . $sn['descr'] . ')';
                $offset++;
            }
        }
    }

    foreach ($a_aliases as $alias) {
        if ($alias['type'] == "host") {
            $targets[$alias['name']] = gettext('Host Alias: ') . $alias['name'] . ' (' . $alias['descr'] . ')';
        }
    }

    $targets['other-subnet'] = gettext('Other Subnet (Enter Below)');

    return $targets;
}
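/**
 * Build the value => label list of local addresses: one entry per configured
 * interface that has an IP address, followed by the virtual IPs from $config.
 *
 * Interface entries are keyed by the interface description, virtual IP entries
 * by the address itself.
 *
 * NOTE(review): unlike the other list builders, this function does not look at
 * a 'noexpand' flag on a virtual IP, so every proxy ARP network is expanded
 * address by address - confirm that is intended.
 * NOTE(review): descriptions are concatenated into the labels without HTML
 * encoding - confirm the code that prints them escapes on output.
 *
 * @return array option value => display label
 */
function build_radiusnas_list()
{
    // $config is a global; without this declaration the virtual IP section below
    // reads an undefined local variable and is silently skipped.
    global $config;

    $list = array();

    $iflist = get_configured_interface_with_descr();
    foreach ($iflist as $ifdesc => $ifdescr) {
        $ipaddr = get_interface_ip($ifdesc);
        // interfaces without a usable address are left out
        if (is_ipaddr($ipaddr)) {
            $list[$ifdescr] = $ifdescr . ' - ' . $ipaddr;
        }
    }

    // isset() first, so a configuration without virtual IPs raises no warning
    if (isset($config['virtualip']['vip']) && is_array($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $sn) {
            if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
                // proxy ARP network: one entry per address between the first
                // and the last address of the subnet
                $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
                $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
                $len = $end - $start;

                for ($i = 0; $i <= $len; $i++) {
                    $snip = long2ip32($start + $i);
                    $list[$snip] = $sn['descr'] . ' - ' . $snip;
                }
            } else {
                $list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet'];
            }
        }
    }

    return $list;
}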
/**
 * Build the value => label list of destination types.
 *
 * The list holds the four fixed entries, then 'pppoe' and 'l2tp' when
 * have_ruleint_access() allows them, then two entries per permitted interface
 * in $ifdisp (the interface itself and its address), then the virtual IPs
 * from $config.
 *
 * NOTE(review): descriptions are concatenated into the labels without HTML
 * encoding - confirm the code that prints them escapes on output.
 *
 * @return array option value => display label
 */
function build_dsttype_list()
{
    global $pconfig, $config, $ifdisp;

    // the result is not read anywhere in this function
    $sel = is_specialnet($pconfig['dst']);

    $types = array(
        'any' => 'Any',
        'single' => 'Single host or alias',
        'network' => 'Network',
        '(self)' => 'This Firewall (self)',
    );

    if (have_ruleint_access("pppoe")) {
        $types['pppoe'] = 'PPPoE clients';
    }

    if (have_ruleint_access("l2tp")) {
        $types['l2tp'] = 'L2TP clients';
    }

    foreach ($ifdisp as $if => $ifdesc) {
        if (!have_ruleint_access($if)) {
            continue;
        }
        $types[$if] = $ifdesc;
        $types[$if . 'ip'] = $ifdesc . ' address';
    }

    if (is_array($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $sn) {
            $isProxyArpNetwork = $sn['mode'] == "proxyarp" && $sn['type'] == "network";

            if ($isProxyArpNetwork) {
                // 'noexpand' only suppresses proxy ARP networks here
                if (isset($sn['noexpand'])) {
                    continue;
                }

                // one entry per address between the first and last address of the subnet
                $first = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
                $last = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
                $span = $last - $first;
                $offset = 0;
                while ($offset <= $span) {
                    $address = long2ip32($first + $offset);
                    $types[$address] = $address . ' (' . $sn['descr'] . ')';
                    $offset++;
                }
            }

            // every VIP that reaches this point also gets an entry keyed by its configured address
            $types[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
        }
    }

    return $types;
}
/**
 * Convert the address range between $ip1 and $ip2 into a list of CIDR strings.
 *
 * Both arguments must be accepted by is_ipaddrv4(), or both by is_ipaddrv6();
 * any other combination returns an empty array. The two ends may be given in
 * either order. When both ends are the same address, the result is the single
 * entry "$ip1/32" (IPv4) or "$ip1/128" (IPv6), built from $ip1 as passed in.
 *
 * The work is done on fixed-width strings of '0'/'1' characters rather than on
 * integers, so the same code handles 32-bit and 128-bit addresses.
 *
 * NOTE(review): an empty array is the only failure signal - callers presumably
 * need to treat it as "invalid input" rather than "no networks"; verify at the call sites.
 *
 * @param string $ip1 one end of the range
 * @param string $ip2 the other end of the range
 * @return array list of "address/prefix" strings, ordered by the binary form of the network address
 */
function ip_range_to_subnet_array_temp($ip1, $ip2)
{
    if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) {
        $proto = 'ipv4'; // for clarity
        $bits = 32;
        $ip1bin = decbin(ip2long32($ip1));
        $ip2bin = decbin(ip2long32($ip2));
    } elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) {
        $proto = 'ipv6';
        $bits = 128;
        $ip1bin = Net_IPv6::_ip2Bin($ip1);
        $ip2bin = Net_IPv6::_ip2Bin($ip2);
    } else {
        // mixed families or anything the validators reject
        return array();
    }

    // it's *crucial* that binary strings are guaranteed the expected length; do this for certainty even though for IPv6 it's redundant
    // (decbin() drops leading zeros, and every strcmp()/substr() below relies on equal-length strings)
    $ip1bin = str_pad($ip1bin, $bits, '0', STR_PAD_LEFT);
    $ip2bin = str_pad($ip2bin, $bits, '0', STR_PAD_LEFT);

    // trivial case: both ends are the same address
    if ($ip1bin === $ip2bin) {
        return array($ip1 . '/' . $bits);
    }

    // swap if needed so that ip1bin < ip2bin; strcmp() on equal-length binary strings orders them numerically
    if (strcmp($ip1bin, $ip2bin) > 0) {
        list($ip1bin, $ip2bin) = array($ip2bin, $ip1bin);
    }

    // $rangesubnets maps the binary network address to its prefix length;
    // $netsize counts how many low bits have been shifted out so far
    $rangesubnets = array();
    $netsize = 0;

    do {
        // at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wraparound)
        // which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wraparound-safe"

        // step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it)
        if (substr($ip1bin, -1, 1) == '1') {
            // the start ip must be in a separate one-IP cidr range
            $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
            $rangesubnets[$new_subnet_ip] = $bits - $netsize;
            $n = strrpos($ip1bin, '0'); // can't be all 1's
            $ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1); // BINARY VERSION OF $ip1 += 1
        }

        // step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr can't span the 1->0 gap)
        if (substr($ip2bin, -1, 1) == '0') {
            // the end ip must be in a separate one-IP cidr range
            $new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
            $rangesubnets[$new_subnet_ip] = $bits - $netsize;
            $n = strrpos($ip2bin, '1'); // can't be all 0's
            $ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1); // BINARY VERSION OF $ip2 -= 1
            // already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe
        }

        // this is the only edge case arising from increment/decrement.
        // it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now)
        // ("continue" in a do/while jumps to the loop condition, which is then false, so the loop ends)
        if (strcmp($ip2bin, $ip1bin) < 0) {
            continue;
        }

        // step #3 the start and end ip MUST now end in '0's and '1's respectively
        // so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes.
        // NOTE(review): since ip1bin ends in '0' and ip2bin ends in '1' at this point, both strrpos() calls
        // appear to return $bits - 1, which would make $shift equal to 1 on every pass - confirm
        $shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1')); // num of low bits which are '0' in ip1 and '1' in ip2
        $ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift);
        $ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift);
        $netsize += $shift;

        if ($ip1bin === $ip2bin) {
            // we're done: what is left of the range is a single block of 2^$netsize addresses
            $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
            $rangesubnets[$new_subnet_ip] = $bits - $netsize;
            continue;
        }

        // at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle.
    } while (strcmp($ip1bin, $ip2bin) < 0);

    // subnets are ordered by bit size. Re-sort by IP ("naturally") and convert back to IPv4/IPv6
    ksort($rangesubnets, SORT_STRING);
    $out = array();

    foreach ($rangesubnets as $ip => $netmask) {
        if ($proto == 'ipv4') {
            // four 8-character groups, each converted back to a decimal octet
            $i = str_split($ip, 8);
            $out[] = implode('.', array(bindec($i[0]), bindec($i[1]), bindec($i[2]), bindec($i[3]))) . '/' . $netmask;
        } else {
            $out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask;
        }
    }

    return $out;
}