[pve-devel] [PATCH pve-firewall 2/2] local_network: ipv6 support + correctness
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Jul 28 08:46:05 CEST 2015
Net::IP->overlaps returns more than just true or false, as
it tests both directions; we need IP_B_IN_A_OVERLAP in our
test.
Removed return on mask eq '0.0.0.0' as this doesn't exist in
the $ipv4_mask_hash_localnet.
---
src/PVE/Firewall.pm | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 97450c6..1286238 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -899,14 +899,20 @@ sub local_network {
my $testip = Net::IP->new($ip);
- my $routes = PVE::ProcFSTools::read_proc_net_route();
+ my $isv6 = $testip->version == 6;
+ my $routes = $isv6 ? PVE::ProcFSTools::read_proc_net_ipv6_route()
+ : PVE::ProcFSTools::read_proc_net_route();
foreach my $entry (@$routes) {
- my $mask = $ipv4_mask_hash_localnet->{$entry->{mask}};
- next if !defined($mask);
- return if $mask eq '0.0.0.0';
+ my $mask;
+ if ($isv6) {
+ $mask = $entry->{prefix};
+ } else {
+ $mask = $ipv4_mask_hash_localnet->{$entry->{mask}};
+ next if !defined($mask);
+ }
my $cidr = "$entry->{dest}/$mask";
my $testnet = Net::IP->new($cidr);
- if ($testnet->overlaps($testip)) {
+ if ($testnet->overlaps($testip) == $Net::IP::IP_B_IN_A_OVERLAP) {
$__local_network = $cidr;
return;
}
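Review bot: In the $isv6 branch, "$mask = $entry->{prefix};" accepts every route unfiltered, while the IPv4 branch only keeps masks found in $ipv4_mask_hash_localnet through "next if !defined($mask);". If read_proc_net_ipv6_route() can return a default route with prefix 0, ::/0 contains every address, the IP_B_IN_A_OVERLAP comparison succeeds, and $__local_network ends up covering the whole IPv6 address space, which is far wider than a local network should be for a firewall. Consider skipping such entries (for example "next if !$mask;") or bounding the accepted prefix lengths the way the IPv4 hash does. Separately, "$testip->version" and "$testnet->overlaps($testip)" are called without checking that Net::IP->new returned an object; it returns undef for input it rejects, so an early check on $testip and a "next if !$testnet;" would keep the loop from dying on a bad address or route entry.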
--
2.1.4