/**
* return option array for valid translation networks
*/
function formTranslateAddresses()
{
global $config;
$retval = array();
// add this hosts ips
foreach ($config['interfaces'] as $intf => $intfdata) {
if (isset($intfdata['ipaddr']) && $intfdata['ipaddr'] != 'dhcp') {
$retval[$intfdata['ipaddr']] = (!empty($intfdata['descr']) ? $intfdata['descr'] : $intf) . " " . gettext("address");
}
}
// add VIPs's
if (isset($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (!isset($sn['noexpand'])) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$retval[$sn['subnet'] . '/' . $sn['subnet_bits']] = htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$retval[$snip] = htmlspecialchars("{$snip} ({$sn['descr']})");
}
} else {
$retval[$sn['subnet']] = htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");
}
}
}
}
// add Aliases
foreach (legacy_list_aliases("network") as $alias) {
if ($alias['type'] == "host") {
$retval[$alias['name']] = $alias['name'];
}
}
return $retval;
}
}
}
if (is_array($config['virtualip']) && isset($pkga['showvirtualips'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if (!preg_match("/{$interface_regex}/", $vip['interface'])) {
$vip_description = $vip['descr'] != "" ? " ({$vip['descr']}) " : " ";
}
switch ($vip['mode']) {
case "ipalias":
case "carp":
$ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}");
break;
case "proxyarp":
if ($vip['type'] == "network") {
$start = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
$end = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$ips[] = array('ip' => long2ip32($start + $i), 'description' => long2ip32($start + $i) . " from {$vip['subnet']}/{$vip['subnet_bits']} {$vip_description}");
}
} else {
$ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}");
}
break;
}
}
}
sort($ips);
if (isset($pkga['showlistenall'])) {
array_unshift($ips, array('ip' => gettext('All'), 'description' => gettext('Listen on All interfaces/ip addresses ')));
}
function build_target_list()
{
global $config, $sn, $a_aliases;
$list = array();
$list[""] = gettext('Interface Address');
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (isset($sn['noexpand'])) {
continue;
}
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$list[$sn['subnet'] . '/' . $sn['subnet_bits']] = 'Subnet: ' . $sn['subnet'] . '/' . $sn['subnet_bits'] . ' (' . $sn['descr'] . ')';
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $snip . ' (' . $sn['descr'] . ')';
}
} else {
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
}
}
}
foreach ($a_aliases as $alias) {
if ($alias['type'] != "host") {
continue;
}
$list[$alias['name']] = gettext('Host Alias: ') . $alias['name'] . ' (' . $alias['descr'] . ')';
}
$list['other-subnet'] = gettext('Other Subnet (Enter Below)');
return $list;
}
function build_radiusnas_list()
{
$list = array();
$iflist = get_configured_interface_with_descr();
foreach ($iflist as $ifdesc => $ifdescr) {
$ipaddr = get_interface_ip($ifdesc);
if (is_ipaddr($ipaddr)) {
$list[$ifdescr] = $ifdescr . ' - ' . $ipaddr;
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $sn['descr'] . ' - ' . $snip;
}
} else {
$list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet'];
}
}
}
return $list;
}
function build_dsttype_list()
{
global $pconfig, $config, $ifdisp;
$sel = is_specialnet($pconfig['dst']);
$list = array('any' => 'Any', 'single' => 'Single host or alias', 'network' => 'Network', '(self)' => 'This Firewall (self)');
if (have_ruleint_access("pppoe")) {
$list['pppoe'] = 'PPPoE clients';
}
if (have_ruleint_access("l2tp")) {
$list['l2tp'] = 'L2TP clients';
}
foreach ($ifdisp as $if => $ifdesc) {
if (have_ruleint_access($if)) {
$list[$if] = $ifdesc;
$list[$if . 'ip'] = $ifdesc . ' address';
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
if (isset($sn['noexpand'])) {
continue;
}
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $snip . ' (' . $sn['descr'] . ')';
}
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
} else {
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
}
}
}
return $list;
}
function ip_range_to_subnet_array_temp($ip1, $ip2)
{
if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) {
$proto = 'ipv4';
// for clarity
$bits = 32;
$ip1bin = decbin(ip2long32($ip1));
$ip2bin = decbin(ip2long32($ip2));
} elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) {
$proto = 'ipv6';
$bits = 128;
$ip1bin = Net_IPv6::_ip2Bin($ip1);
$ip2bin = Net_IPv6::_ip2Bin($ip2);
} else {
return array();
}
// it's *crucial* that binary strings are guaranteed the expected length; do this for certainty even though for IPv6 it's redundant
$ip1bin = str_pad($ip1bin, $bits, '0', STR_PAD_LEFT);
$ip2bin = str_pad($ip2bin, $bits, '0', STR_PAD_LEFT);
if ($ip1bin === $ip2bin) {
return array($ip1 . '/' . $bits);
}
if (strcmp($ip1bin, $ip2bin) > 0) {
list($ip1bin, $ip2bin) = array($ip2bin, $ip1bin);
}
// swap contents of ip1 <= ip2
$rangesubnets = array();
$netsize = 0;
do {
// at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wrapround)
// which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wrapround-safe"
// step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it)
if (substr($ip1bin, -1, 1) == '1') {
// the start ip must be in a separate one-IP cidr range
$new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
$rangesubnets[$new_subnet_ip] = $bits - $netsize;
$n = strrpos($ip1bin, '0');
//can't be all 1's
$ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1);
// BINARY VERSION OF $ip1 += 1
}
// step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr cant span the 1->0 gap)
if (substr($ip2bin, -1, 1) == '0') {
// the end ip must be in a separate one-IP cidr range
$new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
$rangesubnets[$new_subnet_ip] = $bits - $netsize;
$n = strrpos($ip2bin, '1');
//can't be all 0's
$ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1);
// BINARY VERSION OF $ip2 -= 1
// already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe
}
// this is the only edge case arising from increment/decrement.
// it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now)
if (strcmp($ip2bin, $ip1bin) < 0) {
continue;
}
// step #3 the start and end ip MUST now end in '0's and '1's respectively
// so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes.
$shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1'));
// num of low bits which are '0' in ip1 and '1' in ip2
$ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift);
$ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift);
$netsize += $shift;
if ($ip1bin === $ip2bin) {
// we're done.
$new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
$rangesubnets[$new_subnet_ip] = $bits - $netsize;
continue;
}
// at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle.
} while (strcmp($ip1bin, $ip2bin) < 0);
// subnets are ordered by bit size. Re sort by IP ("naturally") and convert back to IPv4/IPv6
ksort($rangesubnets, SORT_STRING);
$out = array();
foreach ($rangesubnets as $ip => $netmask) {
if ($proto == 'ipv4') {
$i = str_split($ip, 8);
$out[] = implode('.', array(bindec($i[0]), bindec($i[1]), bindec($i[2]), bindec($i[3]))) . '/' . $netmask;
} else {
$out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask;
}
}
return $out;
}
