From 873f1c394a76e8c4fad0804c673474fb95f82ff3 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 8 Dec 2017 16:54:51 +0100
Subject: [PATCH] static routes, add address familly validation for
 https://github.com/opnsense/core/issues/1774

---
 .../mvc/app/models/OPNsense/Routes/Route.php  | 37 +++++++++++++++++++
 .../mvc/app/models/OPNsense/Routes/Route.xml  |  2 +
 2 files changed, 39 insertions(+)

diff --git a/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php b/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
index a789de612..dbc647f88 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
@@ -1,6 +1,7 @@
 <?php
 /**
  *    Copyright (C) 2017 Fabian Franz
+ *    Copyright (C) 2015-2017 Deciso B.V.
  *
  *    All rights reserved.
  *
@@ -36,4 +37,40 @@ use OPNsense\Base\BaseModel;
  */
 class Route extends BaseModel
 {
+    /**
+     * extended validations
+     * @param bool $validateFullModel validate full model or only changed fields
+     * @return \Phalcon\Validation\Message\Group
+     */
+    public function performValidation($validateFullModel = false)
+    {
+        // perform standard validations
+        $result = parent::performValidation($validateFullModel);
+        // add validation for gateway / network
+        foreach ($this->getFlatNodes() as $key => $node) {
+                if (($validateFullModel || $node->isFieldChanged())) {
+                    // if either the gateway or network changes, we validate protocols.
+                    // Use specified message from regular validators to report issues back to the user
+                    if (in_array($node->getInternalXMLTagName(), array("gateway", "network"))){
+                        $route = $node->getParentNode();
+                        $proto_net = strpos($route->network, ':') === false ? "inet" : "inet6";
+                        // Gateway addresses are stored in the result list received from configd.
+                        // Unfortunately we can't trust the config here, so we use the list results here.
+                        $gateway = $route->gateway->getNodeData()[(string)$route->gateway];
+                        $tmp = explode("-", $gateway['value']);
+                        $gateway_ip = !empty($tmp) ? end($tmp) : "";
+                        $gateway_proto = strpos($gateway_ip, ":") !== false ? "inet6" : "inet";
+                        // When protocols don't match, add a message for this field to the validation result.
+                        if (empty($gateway_ip) || $gateway_proto != $proto_net) {
+                            $node_validators = $node->getValidators();
+                            $result->appendMessage(new \Phalcon\Validation\Message(
+                                $node_validators[0]->getOption("message"), $key)
+                            );
+                        }
+
+                    }
+                }
+        }
+        return $result;
+    }
 }
diff --git a/src/opnsense/mvc/app/models/OPNsense/Routes/Route.xml b/src/opnsense/mvc/app/models/OPNsense/Routes/Route.xml
index dfcba44ea..16f00e04a 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Routes/Route.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Routes/Route.xml
@@ -6,12 +6,14 @@
           <network type="NetworkField">
             <NetMaskRequired>Y</NetMaskRequired>
             <Required>Y</Required>
+            <ValidationMessage>Specify a valid network matching the gateways ip protocol.</ValidationMessage>
           </network>
           <gateway type="JsonKeyValueStoreField">
             <Required>Y</Required>
             <ConfigdPopulateAct>interface gateways list</ConfigdPopulateAct>
             <SourceFile>/tmp/gateway_list.json</SourceFile>
             <ConfigdPopulateTTL>20</ConfigdPopulateTTL>
+            <ValidationMessage>Specify a valid gateway from the list matching the networks ip protocol.</ValidationMessage>
           </gateway>
           <descr type="TextField">
             <Required>N</Required>