From 22218fbf8a57fc22552076c66cd758d542412b53 Mon Sep 17 00:00:00 2001 Message-Id: <22218fbf8a57fc22552076c66cd758d542412b53.1418632415.git.hahn@univention.de> From: Philipp Hahn Date: Mon, 15 Dec 2014 09:32:48 +0100 Subject: [PATCH] Bug #37332 squid: Fix network detection Organization: Univention GmbH, Bremen, Germany Handle VLAN, bridge, bonding and all other network interfaces not starting with 'eth'. --- .../conffiles/etc/squid3/squid.conf | 37 +++++++--------------- .../services/univention-squid/debian/changelog | 6 ++++ 2 files changed, 18 insertions(+), 25 deletions(-) diff --git a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf index e0ec919..71a59bf 100644 --- a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf +++ b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf @@ -22,6 +22,7 @@ refresh_pattern . 0 20% 4320 @!@ import ipaddr +from univention.config_registry.interfaces import Interfaces # globales myNetworks = {} @@ -31,14 +32,9 @@ authentication = False authenticationGroups = False # get local networks -for key,value in configRegistry.items(): - if key.startswith('interfaces/eth'): - interface = key.split("/")[1] - network = configRegistry.get('interfaces/%s/network' % interface, "") - netmask = configRegistry.get('interfaces/%s/netmask' % interface, "") - address = configRegistry.get('interfaces/%s/address' % interface, "") - if network and netmask and address: - myNetworks[network] = netmask +for _name, iface in Interfaces(configRegistry).ipv4_interfaces: + addr = iface.ipv4_address() + myNetworks['%s' % addr.network] = '%s' % addr.netmask for network in myNetworks: allowFrom.append((network, myNetworks[network])) 
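Review bot: In the `# get local networks` loop, `myNetworks` is now filled from every entry of `Interfaces(configRegistry).ipv4_interfaces`, so each configured IPv4 subnet becomes a `localnetN` ACL that `squid/allow/localnet` later allows. On a multi-homed host that presumably includes uplink, DMZ or VPN-facing interfaces as well as internal ones, which widens who may use the proxy compared with the old `interfaces/eth*` match. I would record this in a comment above the loop, e.g. `# every configured IPv4 interface is treated as a trusted client network (see squid/allow/localnet)`, and consider a way to exclude untrusted segments. The loop also reads `addr.network` without a check, so it relies on `ipv4_interfaces` never yielding an interface whose `ipv4_address()` is None; that is worth confirming against the Interfaces class.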
@@ -59,7 +55,7 @@ for entry in configRegistry.get("squid/allowfrom", "").split(" "): print "# debug options" if configRegistry['squid/debug/level']: print "debug_options %s" % ( configRegistry.get('squid/debug/level')) - print + print if configRegistry.is_false('squid/cache'): print "cache deny all" @@ -151,11 +147,9 @@ if authentication: print print "# network acl's" -count = 0 -for network, netmask in allowFrom: +for count, (network, netmask) in enumerate(allowFrom): netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen print 'acl localnet%s src %s/%s' % (count, network, netprefix) - count += 1 print @@ -173,12 +167,10 @@ print # local nets if configRegistry.is_true("squid/allow/localnet"): - count = 0 print "# allow local networks (squid/allow/localnet)" print 'http_access allow localhost' - for network in myNetworks.keys(): + for count in xrange(len(myNetworks)): print 'http_access allow localnet%s' % count - count += 1 print # user authentication or if authentication: @@ -197,10 +189,8 @@ else: if allowAll: print "http_access allow all" else: - count = 0 - for network, netmask in allowFrom: + for count in xrange(len(allowFrom)): print 'http_access allow localnet%s' % count - count += 1 print print "# deny the rest" @@ -239,15 +229,13 @@ if configRegistry['squid/parent/host']: directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) ) except: print "# wrong entry in squid/parent/directnetworks: %s " % entry - - count = 0 + import ipaddr - for network, netmask in directTo: + for count, (network, netmask) in enumerate(directTo): prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen print 'acl to_localnet%s dst %s/%s' % (count, network, prefix) - count += 1 - - for rulenum in range(0, count): + + for rulenum in xrange(len(directTo)): print 'always_direct allow to_localnet%s' % rulenum print 'never_direct allow all' 
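Review bot: The `for count in xrange(len(myNetworks))` loop under `squid/allow/localnet` selects ACLs by position only. It assumes the first `len(myNetworks)` entries of `allowFrom` are exactly the interface networks, in the order the `acl localnet%s` lines were numbered. That holds only while the interface networks are appended to `allowFrom` before the `squid/allowfrom` entries and `allowFrom` starts empty, both of which are set up outside this hunk. If that order ever changes, this block would silently allow a different set of source networks than intended. A comment such as `# localnet0..len(myNetworks)-1 are the interface networks; they must stay first in allowFrom` would record the invariant.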
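Review bot: In the `squid/parent/directnetworks` block, `ipaddr.IPv4Network('%s/%s' % (network, netmask))` inside the new `enumerate(directTo)` loop runs outside the `try`, which opens above this hunk. An entry that splits on `/` but is not a valid network is therefore not reported by the `# wrong entry` comment and instead raises while the template is rendered. Calling `ipaddr.IPv4Network(entry)` inside the existing `try`, before `directTo.append(...)`, would keep bad input from aborting generation of the proxy configuration. The bare `except:` there would be clearer as `except (IndexError, ValueError):`. The `import ipaddr` kept in this hunk is redundant, since the template already imports it after the opening `@!@`.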
@@ -255,5 +243,4 @@ if configRegistry['squid/parent/host']: append_domain = configRegistry.get( 'squid/append_domain', '' ) if append_domain != '': print 'append_domain', append_domain - @!@ diff --git a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog index 7879a7d..62fad4b 100644 --- a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog +++ b/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog @@ -1,3 +1,9 @@ +univention-squid (8.0.2-2) unstable; urgency=low + + * Bug #37332: Fix network detection + + -- Philipp Hahn Mon, 15 Dec 2014 09:32:20 +0100 + univention-squid (8.0.2-1) unstable; urgency=medium * Bug #36780: fix squidguard config file path -- 1.9.1