T7458: Fix VPN IPsec unexpected passthrough logic bug

VPN IPsec unexpected passthrough logic bug was introduced in this
commit https://github.com/vyos/vyos-1x/commit/f480346bb8e934b1ce2e0fc3be23f7168273bba1
The correct behaviour of the `cidr_fit` was replaced with the
incorrect `overlap`

This way, the passthrough option is used every time when networks overlap.

```
>>> from ipaddress import ip_network
>>>
>>> a = ip_network('192.0.2.0/24')
>>> b = ip_network('192.0.2.100/30')
>>>
>>> a.overlaps(b)
True
>>>
>>> b.overlaps(a)
True
>>>
```

But there should be `subnet_of`:
```
>>> a.subnet_of(b)
False
>>>
>>> b.subnet_of(a)
True
>>>
```

In configuration it looks like
```
set vpn ipsec site-to-site peer RIGHT tunnel 0 local prefix '192.0.2.0/24'
set vpn ipsec site-to-site peer RIGHT tunnel 0 remote prefix '192.0.2.100/30'
```
The StrongSwan unexpected configuration:
```
            RIGHT-tunnel-0-passthrough {
                local_ts = 192.0.2.0/24
                remote_ts = 192.0.2.0/24
                start_action = trap
                mode = pass
            }
```

So all outcoming traffic to the 192.0.2.0/24 pass through the main routing
table instead of out SA

Use `subnet_of` to fix this

1 files changed, 1 insertions, 1 deletions

diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 2754314f7..ac25cd671 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -727,7 +727,7 @@ def generate(ipsec):
                         for remote_prefix in remote_prefixes:
                             local_net = ipaddress.ip_network(local_prefix)
                             remote_net = ipaddress.ip_network(remote_prefix)
-                            if local_net.overlaps(remote_net):
+                            if local_net.subnet_of(remote_net):
                                 if passthrough is None:
                                     passthrough = []
                                 passthrough.append(local_prefix)