From patchwork Sun May 12 07:16:01 2019
X-Patchwork-Submitter: Oliver Fuhrer
X-Patchwork-Id: 2249
To: "'IPFire: Development-List'"
Subject: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat
Date: Sat, 11 May 2019 23:16:01 +0200
Message-ID: <015101d5083e$bd9327b0$38b97710$@bluewin.ch>
In-Reply-To: <1557608298-17016-1-git-send-email-oliver.fuhrer@bluewin.ch>
List-Id: IPFire development talk

This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.

As I currently don't have any OpenVPN n2n connections, I could not fully test this part; however, some dry runs looked rather promising.

Regards
Oliver

--- html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; } + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } print FILE </srv/web/ipfire/html/proxy.pac");
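
Review bot: The second loop (over %ovpnconfig) prints $vpnsub exactly as split from field 11, while the IPsec loop first normalises it with `$vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;`. isInNet() expects a dotted-decimal mask, so if an OpenVPN n2n entry stores its subnet in prefix form the generated condition will not match and that traffic still goes through the proxy; given that this part was not tested against a live connection, either apply the same conversion in the OpenVPN loop or state in the commit message which format field 11 holds there. In both loops an entry in field 11 without a "/" leaves $vpnsub undefined, which writes an empty mask into the PAC file, and both $vpnip and $vpnsub are interpolated into a quoted JavaScript string without any check; skipping entries that do not parse as an address and a mask before the print would keep a malformed config value out of proxy.pac. The two loops differ only in the hash they read and the conversion line, so a single helper taking a hash reference would remove the duplication.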