* [PATCH] BUG 11696: VPN Subnets missing from wpad.dat [not found] <1557608298-17016-1-git-send-email-oliver.fuhrer@bluewin.ch> @ 2019-05-11 21:16 ` oliver.fuhrer 2019-05-13 15:16 ` Michael Tremer 0 siblings, 1 reply; 8+ messages in thread From: oliver.fuhrer @ 2019-05-11 21:16 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 2013 bytes --] This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. As I currently don't have any OpenVPN n2n connections, therefore I could not fully test this part, however some dry-runs looked rather promising. Regards Oliver --- html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; } + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) ) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat 2019-05-11 21:16 ` [PATCH] BUG 11696: VPN Subnets missing from wpad.dat oliver.fuhrer @ 2019-05-13 15:16 ` Michael Tremer 2019-05-13 15:41 ` Sending patches via MUA (was: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat) Peter Müller 0 siblings, 1 reply; 8+ messages in thread From: Michael Tremer @ 2019-05-13 15:16 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 2451 bytes --] Hello Oliver, Thanks for sending the patch. Unfortunately it got line-wrapped. Could you have a look why that has happened? -Michael > On 11 May 2019, at 22:16, <oliver.fuhrer(a)bluewin.ch> <oliver.fuhrer(a)bluewin.ch> wrote: > > This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > subnets to wpad.dat so they don't pass through the proxy. > As I currently don't have any OpenVPN n2n connections, therefore I could not > fully test this part, however some dry-runs looked rather promising. > > Regards > Oliver > > --- > html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index 6daa7fb..e7ee1f3 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -2738,6 +2738,10 @@ sub write_acls > > sub writepacfile > { > + my %vpnconfig=(); > + my %ovpnconfig=(); > + &General::readhasharray("${General::swroot}/vpn/config", > \%vpnconfig); > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", > \%ovpnconfig); > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > flock(FILE, 2); > print FILE "function FindProxyForURL(url, host)\n"; > @@ -2763,6 +2767,26 @@ END > print FILE " (isInNet(host, > \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) > ||\n"; > } > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp > uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne > 'host') { > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + $vpnsub = > &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > + } > + } > + } > + > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp > uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne > 'host') { > + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > + } > + } > + } > print FILE <<END > (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > -- > 1.8.3.1 > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Sending patches via MUA (was: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat) 2019-05-13 15:16 ` Michael Tremer @ 2019-05-13 15:41 ` Peter Müller 0 siblings, 0 replies; 8+ messages in thread From: Peter Müller @ 2019-05-13 15:41 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 387 bytes --] Hello Oliver, in case you are submitting patches via MUA, this might be helpful: https://wiki.ipfire.org/devel/send-tb-patches Thanks, and best regards, Peter Müller > Hello Oliver, > > Thanks for sending the patch. Unfortunately it got line-wrapped. > > Could you have a look why that has happened? > > -Michael > -- The road to Hades is easy to travel. -- Bion of Borysthenes ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] BUG 11696: VPN Subnets missing from wpad.dat @ 2019-05-13 18:33 Oliver Fuhrer 2019-05-17 21:32 ` Michael Tremer 0 siblings, 1 reply; 8+ messages in thread From: Oliver Fuhrer @ 2019-05-13 18:33 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 2241 bytes --] This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. --- Hi All Apologies for the line-wrapping mess with the previous attempt. Looks like Outlook isn't up for the task. This Message is now sent directly via git, which should hopefully fix the issue. As I currently don't have any OpenVPN n2n connections, I could not fully test this part, however some dry-runs looked rather promising html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; } + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) ) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat 2019-05-13 18:33 [PATCH] BUG 11696: VPN Subnets missing from wpad.dat Oliver Fuhrer @ 2019-05-17 21:32 ` Michael Tremer 2019-05-17 23:50 ` Oliver Fuhrer 0 siblings, 1 reply; 8+ messages in thread From: Michael Tremer @ 2019-05-17 21:32 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 3442 bytes --] Hi Oliver, I am afraid I wasn’t able to apply this patch either: [root(a)ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128 I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems. Did you develop this on top of the next branch or did you add your changes to an older version of the file? Best, -Michael > On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> wrote: > > This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > subnets to wpad.dat so they don't pass through the proxy. > --- > Hi All > Apologies for the line-wrapping mess with the previous attempt. > Looks like Outlook isn't up for the task. > This Message is now sent directly via git, which should hopefully fix the issue. > > As I currently don't have any OpenVPN n2n connections, I could not > fully test this part, however some dry-runs looked rather promising > > > html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index 6daa7fb..e7ee1f3 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -2738,6 +2738,10 @@ sub write_acls > > sub writepacfile > { > + my %vpnconfig=(); > + my %ovpnconfig=(); > + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > flock(FILE, 2); > print FILE "function FindProxyForURL(url, host)\n"; > @@ -2763,6 +2767,26 @@ END > print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; > } > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > + > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > print FILE <<END > (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > -- > 1.8.3.1 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat 2019-05-17 21:32 ` Michael Tremer @ 2019-05-17 23:50 ` Oliver Fuhrer 2019-05-18 8:17 ` Michael Tremer 0 siblings, 1 reply; 8+ messages in thread From: Oliver Fuhrer @ 2019-05-17 23:50 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 4040 bytes --] Hi Michael Sorry for wasting your time with that patch. The patch was created against master branch which was up to date in my repo. I have now created a new one based on the next branch. Looks like there have been quite some changes to proxy.cgi. Let me know whether I should give this one a try. Regards Oliver -----Original Message----- From: Michael Tremer <michael.tremer(a)ipfire.org> Sent: Friday, May 17, 2019 23:33 To: Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> Cc: development(a)lists.ipfire.org Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat Hi Oliver, I am afraid I wasn’t able to apply this patch either: [root(a)ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128 I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems. Did you develop this on top of the next branch or did you add your changes to an older version of the file? Best, -Michael > On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> wrote: > > This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > subnets to wpad.dat so they don't pass through the proxy. > --- > Hi All > Apologies for the line-wrapping mess with the previous attempt. > Looks like Outlook isn't up for the task. > This Message is now sent directly via git, which should hopefully fix the issue. > > As I currently don't have any OpenVPN n2n connections, I could not > fully test this part, however some dry-runs looked rather promising > > > html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index 6daa7fb..e7ee1f3 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -2738,6 +2738,10 @@ sub write_acls > > sub writepacfile > { > + my %vpnconfig=(); > + my %ovpnconfig=(); > + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > flock(FILE, 2); > print FILE "function FindProxyForURL(url, host)\n"; > @@ -2763,6 +2767,26 @@ END > print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; > } > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > + > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > print FILE <<END > (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > -- > 1.8.3.1 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat 2019-05-17 23:50 ` Oliver Fuhrer @ 2019-05-18 8:17 ` Michael Tremer 2019-05-19 13:42 ` Oliver Fuhrer 0 siblings, 1 reply; 8+ messages in thread From: Michael Tremer @ 2019-05-18 8:17 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 4595 bytes --] Hi Oliver, > On 18 May 2019, at 00:50, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> wrote: > > Hi Michael > > Sorry for wasting your time with that patch. LOL No worries. The main thing is we are getting this right. The good news is that it applied. There were just genuine conflicts with the other changes. > The patch was created against master branch which was up to date in my repo. > I have now created a new one based on the next branch. Looks like there have been quite some changes to proxy.cgi. > > Let me know whether I should give this one a try. If you have applied your changes to the new version of the file and tested them, you can send a third version of the file. Best, -Michael > > Regards > Oliver > > -----Original Message----- > From: Michael Tremer <michael.tremer(a)ipfire.org> > Sent: Friday, May 17, 2019 23:33 > To: Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> > Cc: development(a)lists.ipfire.org > Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat > > Hi Oliver, > > I am afraid I wasn’t able to apply this patch either: > > [root(a)ipfire ipfire-2.x]# pwclient git-am -s 2251 > Applying patch #2251 using "git am -s" > Description: BUG 11696: VPN Subnets missing from wpad.dat > Applying: BUG 11696: VPN Subnets missing from wpad.dat > error: patch failed: html/cgi-bin/proxy.cgi:2763 > error: html/cgi-bin/proxy.cgi: patch does not apply > Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat > The copy of the patch that failed is found in: .git/rebase-apply/patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > 'git am' failed with exit status 128 > > I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems. > > Did you develop this on top of the next branch or did you add your changes to an older version of the file? > > Best, > -Michael > >> On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> wrote: >> >> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n >> subnets to wpad.dat so they don't pass through the proxy. >> --- >> Hi All >> Apologies for the line-wrapping mess with the previous attempt. >> Looks like Outlook isn't up for the task. >> This Message is now sent directly via git, which should hopefully fix the issue. >> >> As I currently don't have any OpenVPN n2n connections, I could not >> fully test this part, however some dry-runs looked rather promising >> >> >> html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ >> 1 file changed, 24 insertions(+) >> >> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi >> index 6daa7fb..e7ee1f3 100644 >> --- a/html/cgi-bin/proxy.cgi >> +++ b/html/cgi-bin/proxy.cgi >> @@ -2738,6 +2738,10 @@ sub write_acls >> >> sub writepacfile >> { >> + my %vpnconfig=(); >> + my %ovpnconfig=(); >> + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); >> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); >> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); >> flock(FILE, 2); >> print FILE "function FindProxyForURL(url, host)\n"; >> @@ -2763,6 +2767,26 @@ END >> print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; >> } >> >> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { >> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { >> + my @networks = split(/\|/, $vpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", $network); >> + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; >> + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> + >> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { >> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { >> + my @networks = split(/\|/, $ovpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", $network); >> + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> print FILE <<END >> (isInNet(host, "169.254.0.0", "255.255.0.0")) >> ) >> -- >> 1.8.3.1 >> > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat 2019-05-18 8:17 ` Michael Tremer @ 2019-05-19 13:42 ` Oliver Fuhrer 0 siblings, 0 replies; 8+ messages in thread From: Oliver Fuhrer @ 2019-05-19 13:42 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 5036 bytes --] Hi Michael > > Hi Oliver, > > > On 18 May 2019, at 00:50, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> wrote: > > > > Hi Michael > > > > Sorry for wasting your time with that patch. > > LOL No worries. The main thing is we are getting this right. > > The good news is that it applied. There were just genuine conflicts with the > other changes. > > > The patch was created against master branch which was up to date in my > repo. > > I have now created a new one based on the next branch. Looks like there > have been quite some changes to proxy.cgi. > > > > Let me know whether I should give this one a try. > > If you have applied your changes to the new version of the file and tested > them, you can send a third version of the file. Thanks, I just sent in another version of the patch which was created against next branch and tested it on a fresh build. Regards Oliver > > Best, > -Michael > > > > > Regards > > Oliver > > > > -----Original Message----- > > From: Michael Tremer <michael.tremer(a)ipfire.org> > > Sent: Friday, May 17, 2019 23:33 > > To: Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> > > Cc: development(a)lists.ipfire.org > > Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat > > > > Hi Oliver, > > > > I am afraid I wasn’t able to apply this patch either: > > > > [root(a)ipfire ipfire-2.x]# pwclient git-am -s 2251 > > Applying patch #2251 using "git am -s" > > Description: BUG 11696: VPN Subnets missing from wpad.dat > > Applying: BUG 11696: VPN Subnets missing from wpad.dat > > error: patch failed: html/cgi-bin/proxy.cgi:2763 > > error: html/cgi-bin/proxy.cgi: patch does not apply > > Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat > > The copy of the patch that failed is found in: .git/rebase-apply/patch > > When you have resolved this problem, run "git am --continue". > > If you prefer to skip this patch, run "git am --skip" instead. > > To restore the original branch and stop patching, run "git am --abort". > > 'git am' failed with exit status 128 > > > > I tried to run a three-way merge, but there is literally a chunk of the file > that wasn’t there before it seems. > > > > Did you develop this on top of the next branch or did you add your changes > to an older version of the file? > > > > Best, > > -Michael > > > >> On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> > wrote: > >> > >> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > >> subnets to wpad.dat so they don't pass through the proxy. > >> --- > >> Hi All > >> Apologies for the line-wrapping mess with the previous attempt. > >> Looks like Outlook isn't up for the task. > >> This Message is now sent directly via git, which should hopefully fix the > issue. > >> > >> As I currently don't have any OpenVPN n2n connections, I could not > >> fully test this part, however some dry-runs looked rather promising > >> > >> > >> html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > >> 1 file changed, 24 insertions(+) > >> > >> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > >> index 6daa7fb..e7ee1f3 100644 > >> --- a/html/cgi-bin/proxy.cgi > >> +++ b/html/cgi-bin/proxy.cgi > >> @@ -2738,6 +2738,10 @@ sub write_acls > >> > >> sub writepacfile > >> { > >> + my %vpnconfig=(); > >> + my %ovpnconfig=(); > >> + &General::readhasharray("${General::swroot}/vpn/config", > \%vpnconfig); > >> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", > \%ovpnconfig); > >> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > >> flock(FILE, 2); > >> print FILE "function FindProxyForURL(url, host)\n"; > >> @@ -2763,6 +2767,26 @@ END > >> print FILE " (isInNet(host, > \"$netsettings{'ORANGE_NETADDRESS'}\", > \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; > >> } > >> > >> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp > uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > >> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne > 'host') { > >> + my @networks = split(/\|/, $vpnconfig{$key}[11]); > >> + foreach my $network (@networks) { > >> + my ($vpnip, $vpnsub) = split("/", $network); > >> + $vpnsub = > &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > >> + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > >> + } > >> + } > >> + } > >> + > >> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp > uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > >> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne > 'host') { > >> + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > >> + foreach my $network (@networks) { > >> + my ($vpnip, $vpnsub) = split("/", $network); > >> + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > >> + } > >> + } > >> + } > >> print FILE <<END > >> (isInNet(host, "169.254.0.0", "255.255.0.0")) > >> ) > >> -- > >> 1.8.3.1 > >> > > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-05-19 13:42 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <1557608298-17016-1-git-send-email-oliver.fuhrer@bluewin.ch>
2019-05-11 21:16 ` [PATCH] BUG 11696: VPN Subnets missing from wpad.dat oliver.fuhrer
2019-05-13 15:16 ` Michael Tremer
2019-05-13 15:41 ` Sending patches via MUA (was: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat) Peter Müller
2019-05-13 18:33 [PATCH] BUG 11696: VPN Subnets missing from wpad.dat Oliver Fuhrer
2019-05-17 21:32 ` Michael Tremer
2019-05-17 23:50 ` Oliver Fuhrer
2019-05-18 8:17 ` Michael Tremer
2019-05-19 13:42 ` Oliver Fuhrer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox