[pve-devel] [PATCH pve-firewall 2/2] local_network: ipv6 support + correctness

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Jul 28 08:46:05 CEST 2015


Net::IP->overlaps returns more than just true or false, as
it tests both directions, we need IP_B_IN_A_OVERLAP in our
test.
Removed return on mask eq '0.0.0.0' as this doesn't exist in
the $ipv4_mask_hash_localnet.
---
 src/PVE/Firewall.pm | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 97450c6..1286238 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -899,14 +899,20 @@ sub local_network {
 
 	my $testip = Net::IP->new($ip);
 
-	my $routes = PVE::ProcFSTools::read_proc_net_route();
+	my $isv6 = $testip->version == 6;
+	my $routes = $isv6 ? PVE::ProcFSTools::read_proc_net_ipv6_route()
+	                   : PVE::ProcFSTools::read_proc_net_route();
 	foreach my $entry (@$routes) {
-	    my $mask = $ipv4_mask_hash_localnet->{$entry->{mask}};
-	    next if !defined($mask);
-	    return if $mask eq '0.0.0.0';
+	    my $mask;
+	    if ($isv6) {
+		$mask = $entry->{prefix};
+	    } else {
+		$mask = $ipv4_mask_hash_localnet->{$entry->{mask}};
+		next if !defined($mask);
+	    }
 	    my $cidr = "$entry->{dest}/$mask";
 	    my $testnet = Net::IP->new($cidr);
-	    if ($testnet->overlaps($testip)) {
+	    if ($testnet->overlaps($testip) == $Net::IP::IP_B_IN_A_OVERLAP) {
 		$__local_network = $cidr;
 		return;
 	    }
-- 
2.1.4




More information about the pve-devel mailing list