Message ID | 008901d3d8ea$a7c0be90$f7423bb0$@bluewin.ch |
---|---|
State | Dropped |
Headers | From: "Oliver Fuhrer" <oliver.fuhrer@bluewin.ch>; To: <development@lists.ipfire.org>; Subject: [PATCH] BUG: 11696 - VPN Subnets missing from wpad.dat; Date: Fri, 20 Apr 2018 23:00:46 +0200 |
Series | BUG: 11696 - VPN Subnets missing from wpad.dat |
Commit Message
Oliver Fuhrer
April 21, 2018, 7 a.m. UTC
This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so they don't go through the proxy. I could only test it with ipsec tunnels, however as the code for openvpn is pretty much the same, I included this one as well and some basic tests worked as expected. As I'm not very familiar with Perl, there probably is some room for improvement too. Regards Oliver flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -3039,6 +3044,26 @@ END print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; } + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) ) --
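Review bot: In the second added loop (OpenVPN), $vpnsub is printed into isInNet() exactly as it was split from $ovpnconfig{$key}[11], while the IPsec loop above it first runs the value through &Network::convert_prefix2netmask($vpnsub) || $vpnsub. isInNet() expects a dotted netmask, so if the OpenVPN field can ever hold a prefix length the generated rule will not match; apply the same conversion there, or add a comment stating that this field is always stored as a netmask. In both loops $vpnip and $vpnsub go from the config file straight into a quoted string in the generated PAC JavaScript, and a network entry without a "/" leaves $vpnsub undefined, so check that both parts are valid IPv4 values and skip the entry otherwise. The two loops are nearly identical and could share one helper that takes the config hash as an argument.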
Comments
Hello Oliver, welcome to the list. Unfortunately the patch has been fragmented by your email program. The lines have been wrapped and the patch won't apply any more. Could you please check the settings of your email program and submit again? Best, -Michael On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote: > This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so they > don't go through the proxy. > I could only test it with ipsec tunnels, however as the code for openvpn is > pretty much the same, I included this one as well and some basic tests > worked as expected. > As I'm not very familiar with Perl, there probably is some room for > improvement too. > > Regards > Oliver > > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index c36fc4e..69bfdd4 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -3014,6 +3014,11 @@ sub write_acls > > sub writepacfile > { > + my %vpnconfig=(); > + my %ovpnconfig=(); > + &General::readhasharray("${General::swroot}/vpn/config", > \%vpnconfig); > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", > \%ovpnconfig); > + > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > flock(FILE, 2); > print FILE "function FindProxyForURL(url, host)\n"; 
> @@ -3039,6 +3044,26 @@ END > print FILE " (isInNet(host, > \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) > > > \n"; > > } > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp > uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne > 'host') { > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + $vpnsub = > &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > + } > + } > + } > + > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp > uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne > 'host') { > + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", > $network); > + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > + } > + } > + } > print FILE <<END > (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > -- >
Hello, > Hello Oliver, > > welcome to the list. > > Unfortunately the patch has been fragmented by your email program. The lines > have been wrapped and the patch won't apply any more. Could you please check the > settings of your email program and submit again? In case of Thunderbird, this might be helpful: https://wiki.ipfire.org/devel/send-tb-patches Best regards, Peter Müller > > Best, > -Michael > > On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote: >> This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so they >> don't go through the proxy. >> I could only test it with ipsec tunnels, however as the code for openvpn is >> pretty much the same, I included this one as well and some basic tests >> worked as expected. >> As I'm not very familiar with Perl, there probably is some room for >> improvement too. >> >> Regards >> Oliver >> >> >> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi >> index c36fc4e..69bfdd4 100644 >> --- a/html/cgi-bin/proxy.cgi >> +++ b/html/cgi-bin/proxy.cgi >> @@ -3014,6 +3014,11 @@ sub write_acls >> >> sub writepacfile >> { >> + my %vpnconfig=(); >> + my %ovpnconfig=(); >> + &General::readhasharray("${General::swroot}/vpn/config", >> \%vpnconfig); >> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", >> \%ovpnconfig); >> + >> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); >> flock(FILE, 2); >> print FILE "function FindProxyForURL(url, host)\n"; 
>> @@ -3039,6 +3044,26 @@ END >> print FILE " (isInNet(host, >> \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) >>>> \n"; >> >> } >> >> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp >> uc($vpnconfig{$b}[1]) } keys %vpnconfig) { >> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne >> 'host') { >> + my @networks = split(/\|/, $vpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", $network); >> + $vpnsub = >> &Network::convert_prefix2netmask($vpnsub) || $vpnsub; >> + print FILE " (isInNet(host, \"$vpnip\", >> \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> + >> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp >> uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { >> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne >> 'host') { >> + my @networks = split(/\|/, $ovpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", >> $network); >> + print FILE " (isInNet(host, \"$vpnip\", >> \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> print FILE <<END >> (isInNet(host, "169.254.0.0", "255.255.0.0")) >> ) >> -- >>
On Tue, 2018-04-24 at 16:34 +0200, Peter Müller wrote: > Hello, > > Hello Oliver, > > > > welcome to the list. > > > > Unfortunately the patch has been fragmented by your email program. The lines > > have been wrapped and the patch won't apply any more. Could you please check > > the > > settings of your email program and submit again? > > In case of Thunderbird, this might be helpful: > https://wiki.ipfire.org/devel/send-tb-patches That article is quite hidden. Would you like to change the chapter on the "submitting patches" page so that it is obvious that it has some clues about how to configure an MTA? -Michael > > Best regards, > Peter Müller > > > > Best, > > -Michael > > > > On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote: > > > This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so > > > they > > > don't go through the proxy. > > > I could only test it with ipsec tunnels, however as the code for openvpn > > > is > > > pretty much the same, I included this one as well and some basic tests > > > worked as expected. > > > As I'm not very familiar with Perl, there probably is some room for > > > improvement too. > > > > > > Regards > > > Oliver > > > > > > > > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > > > index c36fc4e..69bfdd4 100644 > > > --- a/html/cgi-bin/proxy.cgi > > > +++ b/html/cgi-bin/proxy.cgi > > > @@ -3014,6 +3014,11 @@ sub write_acls > > > > > > sub writepacfile > > > { > > > + my %vpnconfig=(); > > > + my %ovpnconfig=(); > > > + &General::readhasharray("${General::swroot}/vpn/config", > > > \%vpnconfig); > > > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", > > > \%ovpnconfig); > > > + > > > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > > > flock(FILE, 2); > > > print FILE "function FindProxyForURL(url, host)\n"; 
> > > @@ -3039,6 +3044,26 @@ END > > > print FILE " (isInNet(host, > > > \"$netsettings{'ORANGE_NETADDRESS'}\", > > > \"$netsettings{'ORANGE_NETMASK'}\")) > > > > > \n"; > > > > > > } > > > > > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp > > > uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > > > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne > > > 'host') { > > > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > > > + foreach my $network (@networks) { > > > + my ($vpnip, $vpnsub) = split("/", > > > $network); > > > + $vpnsub = > > > &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > > > + print FILE " (isInNet(host, > > > \"$vpnip\", > > > \"$vpnsub\")) ||\n"; > > > + } > > > + } > > > + } > > > + > > > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp > > > uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > > > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] > > > ne > > > 'host') { > > > + my @networks = split(/\|/, > > > $ovpnconfig{$key}[11]); > > > + foreach my $network (@networks) { > > > + my ($vpnip, $vpnsub) = split("/", > > > $network); > > > + print FILE " (isInNet(host, > > > \"$vpnip\", > > > \"$vpnsub\")) ||\n"; > > > + } > > > + } > > > + } > > > print FILE <<END > > > (isInNet(host, "169.254.0.0", "255.255.0.0")) > > > ) > > > -- > > >
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index c36fc4e..69bfdd4 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3014,6 +3014,11 @@ sub write_acls sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); + open(FILE, ">/srv/web/ipfire/html/proxy.pac");
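Review bot: The two &General::readhasharray() calls added at the top of writepacfile read vpn/config and ovpn/ovpnconfig unconditionally, with no check that either file exists. On a system where IPsec or OpenVPN has never been configured, confirm that readhasharray() returns quietly for a missing file, or guard each call with a -e test, so that writing proxy.pac cannot fail because of an absent VPN config. A one-line comment above the two hashes saying they are only used to exclude net-to-net VPN subnets from the proxy would also help the next reader.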