Fix logic for subnet overlap check + canonical for IPv6
The subnet overlap functions came up as a concern while fixing redmine 5702. Specifically - The "canonical" function check_subnets_overlap() doesn't handle IPv6 (util.inc has standardised on v4/v6/agnostic versions, but this doesn't fit). Fixed by adding transparent detection of v4/v6 and a specific IPv4-only version The IPv6 version is wrong (if sub1 contains sub2 then neither of sub1's endpoints will be detected as "inrange" of sub2 and result will be incorrect: this logic error has been fixed recently in other code too) Bad data isn't detected - this still isn't detected for compatibility and is tagged "FIXME" instead to look at in future. Reason - not to break anything, at present always returns "overlap = true/false", not "true/false/invalid input". because CIDR overlap implies containment, the IPv4 version uses a very efficient logic, namely calculates largest size subnet and checks this is same for both. Adopting this for both, and simplifying, makes these functions far "neater" The old v4 version allowed for non-numeric $bits which doesn't make sense and I've omitted. Cannot think of a single situation where we would provide empty or bad data when we actually mean a /32 single IP.
Solution in this commit - a canonical "overlap" test (IPv4/IPv6 agnostic), IPv4/v6 "overlap" versions that actually do the work, in each case using the same logic as the old v4 (identify largest bit size and test if subnets created are valid and identical), and tag lack of "bad data" detection as fixme for now, returning FALSE instead to avoid breaking anything until fixed. Should be transparent from outside.
Added by Stilez y over 9 years ago
Fix logic for subnet overlap check + canonical for IPv6
The subnet overlap functions came up as a concern while fixing redmine 5702.
Specifically -
The "canonical" function check_subnets_overlap() doesn't handle IPv6 (util.inc has standardised on v4/v6/agnostic versions, but this doesn't fit). Fixed by adding transparent detection of v4/v6 and a specific IPv4-only version
The IPv6 version is wrong (if sub1 contains sub2 then neither of sub1's endpoints will be detected as "inrange" of sub2 and result will be incorrect: this logic error has been fixed recently in other code too)
Bad data isn't detected - this still isn't detected for compatibility and is tagged "FIXME" instead to look at in future. Reason - not to break anything, at present always returns "overlap = true/false", not "true/false/invalid input".
because CIDR overlap implies containment, the IPv4 version uses a very efficient logic, namely calculates largest size subnet and checks this is same for both. Adopting this for both, and simplifying, makes these functions far "neater"
The old v4 version allowed for non-numeric $bits which doesn't make sense and I've omitted. Cannot think of a single situation where we would provide empty or bad data when we actually mean a /32 single IP.
Solution in this commit - a canonical "overlap" test (IPv4/IPv6 agnostic), IPv4/v6 "overlap" versions that actually do the work, in each case using the same logic as the old v4 (identify largest bit size and test if subnets created are valid and identical), and tag lack of "bad data" detection as fixme for now, returning FALSE instead to avoid breaking anything until fixed. Should be transparent from outside.