Message ID | 015101d5083e$bd9327b0$38b97710$@bluewin.ch |
---|---|
State | Superseded |
Series |
BUG 11696: VPN Subnets missing from wpad.dat
|
|
Commit Message
Oliver Fuhrer
May 12, 2019, 7:16 a.m. UTC
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. As I currently don't have any OpenVPN n2n connections, therefore I could not fully test this part, however some dry-runs looked rather promising. Regards Oliver --- html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; } + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
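Review bot: The OpenVPN loop prints $vpnsub exactly as it comes out of `split("/", $network)`, while the IPsec loop above it first runs `&Network::convert_prefix2netmask($vpnsub) || $vpnsub`. PAC's isInNet() takes a dotted-decimal mask, so if field 11 of ovpnconfig ever holds a prefix length, the emitted line will never match and those subnets will still be sent to the proxy; apply the same conversion in both loops, and since the loops are otherwise identical, consider one helper that takes the hash reference. Both loops also interpolate $vpnip and $vpnsub into the generated JavaScript unchecked: a network entry without a "/" leaves $vpnsub undefined and writes a malformed isInNet() line into proxy.pac, which every client then downloads. Validate both parts as an IPv4 address and mask before printing, and skip the entry otherwise.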
Comments
Hello Oliver, Thanks for sending the patch. Unfortunately it got line-wrapped. Could you have a look why that has happened? -Michael > On 11 May 2019, at 22:16, <oliver.fuhrer@bluewin.ch> <oliver.fuhrer@bluewin.ch> wrote: > > This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > subnets to wpad.dat so they don't pass through the proxy. > As I currently don't have any OpenVPN n2n connections, therefore I could not > fully test this part, however some dry-runs looked rather promising. > > Regards > Oliver > > --- > html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index 6daa7fb..e7ee1f3 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -2738,6 +2738,10 @@ sub write_acls > > sub writepacfile > { > + my %vpnconfig=(); > + my %ovpnconfig=(); > + &General::readhasharray("${General::swroot}/vpn/config", > \%vpnconfig); > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", > \%ovpnconfig); > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > flock(FILE, 2); > print FILE "function FindProxyForURL(url, host)\n"; 
> @@ -2763,6 +2767,26 @@ END > print FILE " (isInNet(host, > \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) > ||\n"; > } > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp > uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne > 'host') { > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + $vpnsub = > &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > + } > + } > + } > + > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp > uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne > 'host') { > + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > + } > + } > + } > print FILE <<END > (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > -- > 1.8.3.1 > >
Hello Oliver,

in case you are submitting patches via MUA, this might be helpful:
https://wiki.ipfire.org/devel/send-tb-patches

Thanks, and best regards,
Peter Müller

> Hello Oliver,
>
> Thanks for sending the patch. Unfortunately it got line-wrapped.
>
> Could you have a look why that has happened?
>
> -Michael
>

--
The road to Hades is easy to travel.
    -- Bion of Borysthenes
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac");
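Review bot: Both `&General::readhasharray(...)` calls at the top of writepacfile run unconditionally, so generating the PAC file now depends on `${General::swroot}/vpn/config` and `${General::swroot}/ovpn/ovpnconfig` being present and readable. On a system where IPsec or OpenVPN was never configured, confirm that readhasharray returns quietly for a missing file, or guard each call with a `-e` test so that a missing VPN config cannot stop proxy.pac from being written.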