From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH v2] BUG 11696: VPN Subnets missing from wpad.dat
Date: Thu, 23 May 2019 09:27:31 +0100
Message-ID:
In-Reply-To: <00a401d510d7$f4cb60c0$de622240$@bluewin.ch>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5848053065323617713=="
List-Id:

--===============5848053065323617713==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Do you have a dev account yet? Do you want one to have your Git repos on git.ipfire.org?

-Michael

> On 22 May 2019, at 20:52, Oliver Fuhrer wrote:
>
> Hi Michael
>
>> Yes please.
>>
>> It would be great to have this all coming in one patchset in the future. That
>> keeps noise on the list down and allows us to review the whole thing in one
>> go.
>>
> OK, I'll then combine this enhancement patch with a fix for Bug #11047 and some code improvement for #11614, however it might take a couple of days until this is ready to be sent.
>
>> Are you planning to move this into a function that you will call from the
>> various CGI files?
>>
> I had a look at the code and I think, I hopefully got it right by moving my code to general-functions.pl
>
> Oliver
>> -Michael
>>
>>> On 20 May 2019, at 16:31, Oliver Fuhrer wrote:
>>>
>>> Hi Michael,
>>> You're welcome.
>>> I have been poking around in vpnmain.cgi and ovpnmain.cgi to automatically update the wpad.dat file upon tunnel add/delete/enable/disable.
>>> Should I send this one as a feature?
>>>
>>> Regards
>>> Oliver
>>>
>>>>
>>>> Hi,
>>>>
>>>> Thank you for rebasing this patch. It applies and is merged!
>>>>
>>>> -Michael
>>>>
>>>>> On 19 May 2019, at 14:30, Oliver Fuhrer wrote:
>>>>>
>>>>> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
>>>>> --- >>>>> Hi List, >>>>> New version of the patch, this one has been created against next branch >>>> and successfully tested on a fresh build. >>>>>=20 >>>>> Regards >>>>> Oliver >>>>>=20 >>>>> html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ >>>>> 1 file changed, 25 insertions(+) >>>>>=20 >>>>> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi >>>>> index 91e4fce..b639640 100644 >>>>> --- a/html/cgi-bin/proxy.cgi >>>>> +++ b/html/cgi-bin/proxy.cgi >>>>> @@ -2848,6 +2848,10 @@ sub write_acls >>>>>=20 >>>>> sub writepacfile >>>>> { >>>>> + my %vpnconfig=3D(); >>>>> + my %ovpnconfig=3D(); >>>>> + &General::readhasharray("${General::swroot}/vpn/config", >>>> \%vpnconfig); >>>>> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", >>>> \%ovpnconfig); >>>>> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); >>>>> flock(FILE, 2); >>>>> print FILE "function FindProxyForURL(url, host)\n"; 
>>>>> @@ -2910,6 +2914,27 @@ END >>>>> } >>>>> } >>>>>=20 >>>>> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp >>>> uc($vpnconfig{$b}[1]) } keys %vpnconfig) { >>>>> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne >>>> 'host') { >>>>> + my @networks =3D split(/\|/, $vpnconfig{$key}[11]); >>>>> + foreach my $network (@networks) { >>>>> + my ($vpnip, $vpnsub) =3D split("/", $network); >>>>> + $vpnsub =3D >>>> &Network::convert_prefix2netmask($vpnsub) || $vpnsub; >>>>> + print FILE " (isInNet(host, \"$vpnip\", >>>> \"$vpnsub\")) ||\n"; >>>>> + } >>>>> + } >>>>> + } >>>>> + >>>>> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp >>>> uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { >>>>> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne >>>> 'host') { >>>>> + my @networks =3D split(/\|/, $ovpnconfig{$key}[11]); >>>>> + foreach my $network (@networks) { >>>>> + my ($vpnip, $vpnsub) =3D split("/", $network); >>>>> + print FILE " (isInNet(host, \"$vpnip\", >>>> \"$vpnsub\")) ||\n"; >>>>> + } >>>>> + } >>>>> + } >>>>> + >>>>> print FILE <>>>> (isInNet(host, "169.254.0.0", "255.255.0.0")) >>>>> ) >>>>> -- >>>>> 1.8.3.1 >>>>>=20 >>>=20 >>>=20 >=20 >=20 --===============5848053065323617713==--
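Review bot: In the first hunk (top of writepacfile), the two readhasharray calls run unconditionally, and nothing handles the case where ${General::swroot}/vpn/config or ${General::swroot}/ovpn/ovpnconfig is absent or unreadable, for example on a system where IPsec or OpenVPN has never been set up. This sub regenerates proxy.pac for every proxy client, so a failed read should leave the hash empty and let the write continue. Guard each call with a -e test on its path, or note in the commit message that readhasharray already tolerates a missing file.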
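Review bot: In the second hunk, both loops print $vpnip and $vpnsub from field 11 of the config straight into quoted JavaScript string literals in the PAC file, without checking that they form a well-formed IPv4 address and netmask. Every client evaluates this file, so an entry containing a quote, or one with no "/" (which leaves $vpnsub undefined), produces a broken or altered FindProxyForURL. Validate both values after the split and skip the entry with "next" when either fails. The loops are also asymmetric: the IPsec loop passes $vpnsub through &Network::convert_prefix2netmask, the OpenVPN loop does not, yet isInNet expects a dotted mask, as in the existing "255.255.0.0" line. Apply the same conversion in both, or state that ovpnconfig always stores dotted masks. The two loops are otherwise identical and could become one helper that takes the hash reference.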