CARP vhid must be unique _for a given interface_ (or more exactly L2 segment)

zerodeux · web-flow · commit 0f7d53b82cfe · 2021-03-11T18:57:26.000+01:00
See #100
diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallVirtualIPCreate.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallVirtualIPCreate.inc
@@ -105,7 +105,7 @@ class APIFirewallVirtualIPCreate extends APIModel {
         if ($this->validated_data["mode"] === "carp") {
             # Check for our optional 'vhid' payload value. Assume default if none was specified.
             if (isset($this->initial_data['vhid'])) {
-                if ($this->__vhid_exists($this->initial_data['vhid'])) {
+                if ($this->__vhid_exists($this->initial_data["interface"], $this->initial_data['vhid'])) {
                     $this->errors[] = APIResponse\get(4027);
                 } elseif (1 > $this->initial_data['vhid'] or $this->initial_data['vhid'] > 255) {
                     $this->errors[] = APIResponse\get(4028);
@@ -153,14 +153,14 @@ class APIFirewallVirtualIPCreate extends APIModel {
         $this->validated_data["type"] = "network";
     }
 
-    private function __vhid_exists($vhid) {
+    private function __vhid_exists($interface, $vhid) {
         # Loop through each virtual IP and ensure it is not using the requested vhid
         foreach ($this->config["virtualip"]["vip"] as $vip) {
-            if (intval($vhid) === intval($vip["vhid"])) {
+            if ($interface === $vip["interface"] && intval($vhid) === intval($vip["vhid"])) {
                 return true;
             }
         }
         return false;
     }
 
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ class APIFirewallVirtualIPCreate extends APIModel {`
`105`	`105`	`if ($this->validated_data["mode"] === "carp") {`
`106`	`106`	`# Check for our optional 'vhid' payload value. Assume default if none was specified.`
`107`	`107`	`if (isset($this->initial_data['vhid'])) {`
`108`		`- if ($this->__vhid_exists($this->initial_data['vhid'])) {`
	`108`	`+ if ($this->__vhid_exists($this->initial_data["interface"], $this->initial_data['vhid'])) {`
`109`	`109`	`$this->errors[] = APIResponse\get(4027);`
`110`	`110`	`} elseif (1 > $this->initial_data['vhid'] or $this->initial_data['vhid'] > 255) {`
`111`	`111`	`$this->errors[] = APIResponse\get(4028);`
`@@ -153,14 +153,14 @@ class APIFirewallVirtualIPCreate extends APIModel {`
`153`	`153`	`$this->validated_data["type"] = "network";`
`154`	`154`	`}`
`155`	`155`
`156`		`- private function __vhid_exists($vhid) {`
	`156`	`+ private function __vhid_exists($interface, $vhid) {`
`157`	`157`	`# Loop through each virtual IP and ensure it is not using the requested vhid`
`158`	`158`	`foreach ($this->config["virtualip"]["vip"] as $vip) {`
`159`		`- if (intval($vhid) === intval($vip["vhid"])) {`
	`159`	`+ if ($interface === $vip["interface"] && intval($vhid) === intval($vip["vhid"])) {`
`160`	`160`	`return true;`
`161`	`161`	`}`
`162`	`162`	`}`
`163`	`163`	`return false;`
`164`	`164`	`}`
`165`	`165`
`166`		`-}`
	`166`	`+}`