Univention Bugzilla – Attachment 6528 Details for
Bug 37332
Broken network detection: broken with VLAN, bonding, bridging
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Handle all IPv4 interfaces
37332-squid-Fix-network-detection.patch (text/plain), 4.63 KB, created by
Philipp Hahn
on 2014-12-15 09:34:04 CET
(
hide
)
Description:
Handle all IPv4 interfaces
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2014-12-15 09:34:04 CET
Size:
4.63 KB
patch
obsolete
>From 22218fbf8a57fc22552076c66cd758d542412b53 Mon Sep 17 00:00:00 2001 >Message-Id: <22218fbf8a57fc22552076c66cd758d542412b53.1418632415.git.hahn@univention.de> >From: Philipp Hahn <hahn@univention.de> >Date: Mon, 15 Dec 2014 09:32:48 +0100 >Subject: [PATCH] Bug #37332 squid: Fix network detection >Organization: Univention GmbH, Bremen, Germany > >Handle VLAN, bridge, bonding and all other network interfaces not >starting with 'eth'. >--- > .../conffiles/etc/squid3/squid.conf | 37 +++++++--------------- > .../services/univention-squid/debian/changelog | 6 ++++ > 2 files changed, 18 insertions(+), 25 deletions(-) > >diff --git a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf >index e0ec919..71a59bf 100644 >--- a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf >+++ b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf >@@ -22,6 +22,7 @@ refresh_pattern . 0 20% 4320 > > @!@ > import ipaddr >+from univention.config_registry.interfaces import Interfaces > > # globales > myNetworks = {} >@@ -31,14 +32,9 @@ authentication = False > authenticationGroups = False > > # get local networks >-for key,value in configRegistry.items(): >- if key.startswith('interfaces/eth'): >- interface = key.split("/")[1] >- network = configRegistry.get('interfaces/%s/network' % interface, "") >- netmask = configRegistry.get('interfaces/%s/netmask' % interface, "") >- address = configRegistry.get('interfaces/%s/address' % interface, "") >- if network and netmask and address: >- myNetworks[network] = netmask >+for _name, iface in Interfaces(configRegistry).ipv4_interfaces: >+ addr = iface.ipv4_address() >+ myNetworks['%s' % addr.network] = '%s' % addr.netmask > > for network in myNetworks: > allowFrom.append((network, myNetworks[network])) >@@ -59,7 +55,7 @@ for entry in configRegistry.get("squid/allowfrom", "").split(" "): > print "# debug options" > if configRegistry['squid/debug/level']: > print "debug_options %s" % ( configRegistry.get('squid/debug/level')) >- print >+ print > > if configRegistry.is_false('squid/cache'): > print "cache deny all" >@@ -151,11 +147,9 @@ if authentication: > print > > print "# network acl's" >-count = 0 >-for network, netmask in allowFrom: >+for count, (network, netmask) in enumerate(allowFrom): > netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen > print 'acl localnet%s src %s/%s' % (count, network, netprefix) >- count += 1 > print > > >@@ -173,12 +167,10 @@ print > > # local nets > if configRegistry.is_true("squid/allow/localnet"): >- count = 0 > print "# allow local networks (squid/allow/localnet)" > print 'http_access allow localhost' >- for network in myNetworks.keys(): >+ for count in xrange(len(myNetworks)): > print 'http_access allow localnet%s' % count >- count += 1 > print > # user authentication or > if authentication: >@@ -197,10 +189,8 @@ else: > if allowAll: > print "http_access allow all" > else: >- count = 0 >- for network, netmask in allowFrom: >+ for count in xrange(len(allowFrom)): > print 'http_access allow localnet%s' % count >- count += 1 > print > > print "# deny the rest" >@@ -239,15 +229,13 @@ if configRegistry['squid/parent/host']: > directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) ) > except: > print "# wrong entry in squid/parent/directnetworks: %s " % entry >- >- count = 0 >+ > import ipaddr >- for network, netmask in directTo: >+ for count, (network, netmask) in enumerate(directTo): > prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen > print 'acl to_localnet%s dst %s/%s' % (count, network, prefix) >- count += 1 >- >- for rulenum in range(0, count): >+ >+ for rulenum in xrange(len(directTo)): > print 'always_direct allow to_localnet%s' % rulenum > > print 'never_direct allow all' >@@ -255,5 +243,4 @@ if configRegistry['squid/parent/host']: > append_domain = configRegistry.get( 'squid/append_domain', '' ) > if append_domain != '': > print 'append_domain', append_domain >- > @!@ >diff --git a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog >index 7879a7d..62fad4b 100644 >--- a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog >+++ b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog >@@ -1,3 +1,9 @@ >+univention-squid (8.0.2-2) unstable; urgency=low >+ >+ * Bug #37332: Fix network detection >+ >+ -- Philipp Hahn <hahn@univention.de> Mon, 15 Dec 2014 09:32:20 +0100 >+ > univention-squid (8.0.2-1) unstable; urgency=medium > > * Bug #36780: fix squidguard config file path >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6528">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 37332
: 6528