Project

General

Profile

Actions

Feature #2731

closed

Add input validation of static route destination networks

Added by Chris Buechler almost 12 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Routing
Target version:
Start date:
12/24/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

We need input validation on system_routes_edit.php to prevent adding a static route with "Destination network" == any locally-configured subnet. e.g. if your LAN is 192.168.1.1/24, a destination network of 192.168.1.0/24 on a static route is not valid. People have a tendency of adding such routes for some reason, which breaks their network in various ways. Worse, when you delete such a static route, "route delete" also whacks the interface's link route, so that NIC is dead until you click Save under Interfaces on it.

Needs to check against all locally-configured IPs (interface IPs, VIPs, IPv4 and v6). Route destination must be an exact match to a locally configured IP to be rejected, for instance 192.168.1.128/25 is a potentially valid route when you have a 192.168.1.0/24 subnet locally.

Actions #1

Updated by Jose Silva over 11 years ago

Hi I would like to work on this ticket. Reading the util.inc, I found the method get_configured_ip_addresses. So to implement this fix I had the following idea:

At the POST block at system_routes_edit.php, after the validations that already implemented, I check all ips returned by get_configured_ip_addresses() are included in the subnet being added.

assumptions:

  • it must be an ipv4
Actions #2

Updated by Chris Buechler over 11 years ago

  • Status changed from New to Resolved
  • Target version set to 2.1

this was actually implemented in 2.1 recently. There's a duplicate ticket here somewhere for it.

Actions #3

Updated by Jose Silva over 11 years ago

ok

Actions

Also available in: Atom PDF