From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject:
 Re: [PATCH] Squid: Exclude remote OpenVPN-N2N subnet from transparent proxy
Date: Tue, 19 Jun 2018 11:39:24 +0100
Message-ID: <7ead9291191f6a2b41aecc2393b21a00597992c3.camel@ipfire.org>
In-Reply-To: <1529346727-14526-1-git-send-email-erik.kapfer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8535678594780214912=="
List-Id: <development.lists.ipfire.org>

--===============8535678594780214912==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hi,

I think we have to rework that code a litte. It is hard to understand.

On Mon, 2018-06-18 at 20:32 +0200, Erik Kapfer wrote:
> Patch is from bug #11614
> With the please to deliver it for further review to the dev mailinglist.
> 
> Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
> ---
>  src/initscripts/system/squid | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid
> index 7255c0a..267a416 100644
> --- a/src/initscripts/system/squid
> +++ b/src/initscripts/system/squid
> @@ -37,6 +37,17 @@ transparent() {
>  		iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk
> -F, '{ print $13 }'` --dport 80 -j RETURN
>  		done < $FILE
>  
> +		FILE=/var/ipfire/ovpn/ovpnconfig

Not sure why this is variable since it is only used once.

> +
> +		while read LINE; do
> +			let COUNT=$COUNT+1

COUNT is never initialized and never used either.

> +			CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'`
> +			if [ "$CONN_TYPE" != "net" ]; then
> +				continue
> +			fi

The following iptables line is missing a tab.

> +		iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk
> -F, '{ print $13 }'` --dport 80 -j RETURN

It is not clear what the command should be like.

I think it is best to use while read ...; do ... done to walk through the file
line by line and put the values into a variable with a good name. That will
avoid confusion later.

> +		done < $FILE
> +
>  		if [ "$RED_TYPE" == "STATIC" ]; then
>  			iptables -t nat -A SQUID -i $1 -p tcp -d
> $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN
>  		fi

Erik, would you please rework this patch?

Best,
-Michael

--===============8535678594780214912==--