
Today's Topics:

   1. Re: [PATCH 2/2] proxy: support for non browser schemes in
      'auto' mode (David Woodhouse)
   2. Re: [PATCH 2/2] proxy: support for non browser schemes in
      'auto' mode (David Woodhouse)


----------------------------------------------------------------------

Message: 1
Date: Fri, 12 Aug 2016 17:56:06 +0200
From: David Woodhouse <[email protected]>
To: Atul Anand <[email protected]>, [email protected]
Subject: Re: [PATCH 2/2] proxy: support for non browser schemes in
        'auto' mode
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"

On Sun, 2016-08-07 at 13:41 +0530, Atul Anand wrote:
> PacRunner is obtaining PAC file from the network for the use of all
> clients. Though PAC files are usually written for browser protocols
> and browsers have already support for. To be fair towards all clients
> add a new key "NonBrowser" on DBus interface as a string array and
> should be provided when there is a request for proxy from URL with
> non browser scheme.

As discussed in person just now at GUADEC... let's not do this with a
string key.

There are two classes of information in the proxy configuration. Right
now the 'Domains' setting is used *purely* in pacrunner_proxy_lookup()
to decide which proxy config to select for a given request.

Everything else is used to decide what *answer* to give, once a given
proxy configuration is selected.

Let's have a new 'BrowserOnly' boolean setting which is in the former
category - used only for selecting which proxy configuration to use.

So a request for a "browser" protocol would match the following configs
in order of preference (if they exist):
 - Matching "Domains", BrowserOnly==TRUE
 - Matching "Domains", BrowserOnly==FALSE
 - Domains==NULL, BrowserOnly==TRUE
 - Domains==NULL, BrowserOnly==FALSE

A request for a non-browser protocol would match the following:
 - Matching "Domains", BrowserOnly==FALSE
 - Domains==NULL, BrowserOnly==FALSE (sometimes, see below)

There's a slight complexity here: when a non-browser request occurs,
and there *is* a config with matching "Domains" but which we can't use
because its BrowserOnly setting is TRUE... then in that case we
*shouldn't* fall back to Domains==NULL,BrowserOnly==FALSE config.

Consider the case of a split-tunnel VPN, where we've got an auto-
discovered PAC file on the VPN that we're using for the "example.com"
domains. For non-browser requests we do want to go direct. We *don't*
want to use a SOCKS proxy on the *local* network (the config with
Domains==NULL).

-- 
dwmw2
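
Added example (not part of the original message or of PacRunner's code): a standalone C model of the selection order described above, including the rule that a matching BrowserOnly config blocks the Domains==NULL fallback for non-browser requests. The struct, the function names, the suffix-matching rule and the sample configs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>

struct cfg {                 /* hypothetical stand-in for one proxy configuration */
    const char *name;
    const char *domain;      /* NULL models Domains==NULL */
    bool browser_only;       /* models BrowserOnly */
};
/* Constructed split-tunnel setup: PAC on the VPN, SOCKS on the local network. */
static const struct cfg SPLIT_TUNNEL[] = {
    { "vpn-pac",     "example.com", true  },
    { "local-socks", NULL,          false },
};

/* Assumed matching rule: host equals the domain or ends in ".domain". */
static bool domain_matches(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);
    return hl >= dl && strcmp(host + hl - dl, domain) == 0 &&
           (hl == dl || host[hl - dl - 1] == '.');
}

/* Returns the selected config, or NULL when the request should go direct. */
const struct cfg *select_cfg(const struct cfg *cfgs, size_t n,
                             const char *host, bool browser_request)
{
    /* [0] domain+BrowserOnly  [1] domain  [2] any+BrowserOnly  [3] any */
    const struct cfg *slot[4] = { NULL, NULL, NULL, NULL };
    for (size_t i = 0; i < n; i++) {
        int idx = cfgs[i].browser_only ? 0 : 1;
        if (!cfgs[i].domain)
            idx += 2;
        else if (!domain_matches(host, cfgs[i].domain))
            continue;
        if (!slot[idx])      /* assumption: first config of a class wins */
            slot[idx] = &cfgs[i];
    }
    if (!browser_request)    /* a matching BrowserOnly config blocks the fallback */
        return slot[1] ? slot[1] : (slot[0] ? NULL : slot[3]);
    for (int i = 0; i < 4; i++)
        if (slot[i])
            return slot[i];
    return NULL;
}

int main(void)
{
    return select_cfg(SPLIT_TUNNEL, 2, "git.example.com", false) ? 1 : 0; /* 0: direct */
}
```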



------------------------------

Message: 2
Date: Fri, 12 Aug 2016 18:32:10 +0200
From: David Woodhouse <[email protected]>
To: Atul Anand <[email protected]>, [email protected]
Subject: Re: [PATCH 2/2] proxy: support for non browser schemes in
        'auto' mode
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"

On Fri, 2016-08-12 at 17:56 +0200, David Woodhouse wrote:
> 
> So a request for a "browser" protocol would match the following configs
> in order of preference (if they exist):
>  - Matching "Domains", BrowserOnly==TRUE
>  - Matching "Domains", BrowserOnly==FALSE
>  - Domains==NULL, BrowserOnly==TRUE
>  - Domains==NULL, BrowserOnly==FALSE
> 
> A request for a non-browser protocol would match the following:
>  - Matching "Domains", BrowserOnly==FALSE
>  - Domains==NULL, BrowserOnly==FALSE (sometimes, see below)
> 
> There's a slight complexity here: when a non-browser request occurs,
> and there *is* a config with matching "Domains" but which we can't use
> because its BrowserOnly setting is TRUE... then in that case we
> *shouldn't* fall back to Domains==NULL,BrowserOnly==FALSE config.

Utterly untested...

diff --git a/src/proxy.c b/src/proxy.c
index db49c58..e645db7 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -40,6 +40,7 @@ struct pacrunner_proxy {
?       char *script;
?       GList **servers;
?       GList **excludes;
+       gboolean browser_only;
?       GList *domains;
?       void *jsctx;
?};
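
Review bot: nothing in this patch ever assigns the new browser_only member of struct pacrunner_proxy, so every config keeps whatever value its allocation left there. Add the code that sets it from the 'BrowserOnly' setting, state the default (FALSE keeps existing configs matching all protocols), and give the member a one-line comment saying it is used only for selecting a config, not for computing the answer.
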
@@ -475,14 +476,33 @@ static int compare_host_in_domain(const char *host, 
struct proxy_domain *match)
?
?       return -1;
?}
-
+/*
+ * A request for a "browser" protocol would match the following configs
+ * order of preference (if they exist):
+ *??? Matching "Domains", BrowserOnly==TRUE
+ *??? Matching "Domains", BrowserOnly==FALSE
+ *??? Domains==NULL, BrowserOnly==TRUE
+ *??? Domains==NULL, BrowserOnly==FALSE
+ *
+ * A request for a non-browser protocol would match the following:
+ *??? Matching "Domains", BrowserOnly==FALSE
+ *??? Domains==NULL, BrowserOnly==FALSE (except if a config exists with
+ *????Matching "Domains", BrowserOnly==TRUE, in which case we need to
+ *????return NULL).
+ */
?char *pacrunner_proxy_lookup(const char *url, const char *host)
?{
?       GList *l, *list;
?       struct in_addr ip4_addr;
?       struct in6_addr ip6_addr;
-       struct pacrunner_proxy *selected_proxy = NULL, *default_proxy = NULL;
+       struct pacrunner_proxy *proxy = NULL;
+       /* Four classes of 'match' */
+       struct pacrunner_proxy *alldomains_browseronly = NULL;
+       struct pacrunner_proxy *alldomains_allprotos = NULL;
+       struct pacrunner_proxy *domainmatch_browseronly = NULL;
+       struct pacrunner_proxy *domainmatch_allprotos = NULL;
?       int protocol = 0;
+       gboolean request_is_browser;
?
?       DBG("url %s host %s", url, host);
?
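
Review bot: the "= NULL" initializer on the new function-scope 'proxy' gives no protection, because the loop in the following hunks overwrites proxy on every iteration and the same variable is then read after the found label. Keep the loop cursor local to the loop and use a separate result pointer that is only set on a deliberate selection. The comment above pacrunner_proxy_lookup() also drops a word: "configs order of preference" should read "configs in order of preference".
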
@@ -511,13 +531,18 @@ char *pacrunner_proxy_lookup(const char *url, const char 
*host)
?                               protocol = 6;
?               }
?       }
+       request_is_browser = g_str_has_prefix(url, "ftp://";) ||
+               g_str_has_prefix(url, "http://";) || g_str_has_prefix(url, 
"https://";) ||
+               g_str_has_prefix(url, "nntp://";) || g_str_has_prefix(url, 
"nttps://");
?
?       for (list = g_list_first(proxy_list); list; list = g_list_next(list)) {
-               struct pacrunner_proxy *proxy = list->data;
+               proxy = list->data;
?
?               if (!proxy->domains) {
-                       if (!default_proxy)
-                               default_proxy = proxy;
+                       if (proxy->browser_only && !alldomains_browseronly)
+                               alldomains_browseronly = proxy;
+                       else if (!proxy->browser_only && !alldomains_allprotos)
+                               alldomains_allprotos = proxy;
?                       continue;
?               }
?
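
Review bot: the last scheme in the request_is_browser test reads "nttps://", which looks like a typo for "nntps://", so those URLs would be classified as non-browser. g_str_has_prefix() is also case-sensitive, so a URL written as "HTTP://..." would be treated as non-browser and could be routed to a different config than the same URL in lower case; compare the scheme with g_ascii_strncasecmp() or normalise it first, and consider keeping the scheme list in one small documented table.
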
@@ -531,54 +556,74 @@ char *pacrunner_proxy_lookup(const char *url, const char 
*host)
?                       case 4:
?                               if (compare_legacy_ip_in_net(&ip4_addr,
?                                                               data) == 0) {
-                                       selected_proxy = proxy;
?                                       DBG("match proxy %p Legacy IP range %s",
?                                       ????proxy, data->domain);
-                                       goto found;
+                                       goto matches;
?                               }
?                               break;
?                       case 6:
?                               if (compare_ipv6_in_net(&ip6_addr,
?                                                       data) == 0) {
-                                       selected_proxy = proxy;
?                                       DBG("match proxy %p IPv6 range %s",
?                                       ????proxy, data->domain);
-                                       goto found;
+                                       goto matches;
?                               }
?                               break;
?                       default:
?                               if (compare_host_in_domain(host, data) == 0) {
-                                       selected_proxy = proxy;
?                                       DBG("match proxy %p DNS domain %s",
?                                       ????proxy, data->domain);
-                                       goto found;
+                                       goto matches;
?                               }
?                               break;
?                       }
?               }
+               /* No match */
+               continue;
+
+       matches:
+               if (proxy->browser_only == request_is_browser) {
+                       goto found;
+               } else if (proxy->browser_only) {
+                       /* A non-browser request will return DIRECT instead of?
+                       ???falling back to alldomains_* if this exists. */
+                       if (!domainmatch_browseronly)
+                               domainmatch_browseronly = proxy;
+               } else {
+                       /* We might fall back to this, for a browser request */
+                       if (!domainmatch_allprotos)
+                               domainmatch_allprotos = proxy;
+               }
?       }
?
-       if (!selected_proxy) {
-               DBG("default proxy %p", default_proxy);
-               selected_proxy = default_proxy;
+       if (request_is_browser) {
+               /* We'll have bailed out immediately if we found a domain match
+               ???with proxy->browser_only==TRUE. Fallbacks in order of 
preference... */
+               proxy = domainmatch_allprotos;
+               if (!proxy)
+                       proxy = alldomains_browseronly;
+               if (!proxy)
+                       proxy = alldomains_allprotos;
+       } else {
+               if (!domainmatch_browseronly)
+                       proxy = alldomains_allprotos;
?       }
?
-found:
+ found:
?       pthread_mutex_unlock(&proxy_mutex);
?
-       if (!selected_proxy)
+       if (!proxy)
?               return NULL;
?
-       switch (selected_proxy->method) {
+       switch (proxy->method) {
?       case PACRUNNER_PROXY_METHOD_UNKNOWN:
?       case PACRUNNER_PROXY_METHOD_DIRECT:
?               break;
?       case PACRUNNER_PROXY_METHOD_MANUAL:
-               return __pacrunner_manual_execute(url, host,
-                                               selected_proxy->servers,
-                                               selected_proxy->excludes);
+               return __pacrunner_manual_execute(url, host, proxy->servers,
+                                               ??proxy->excludes);
?       case PACRUNNER_PROXY_METHOD_AUTO:
-               return __pacrunner_js_execute(selected_proxy, url, host);
+               return __pacrunner_js_execute(proxy, url, host);
?       }
?
?       return NULL;
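
Review bot: in the final else branch (non-browser request), proxy is only assigned when domainmatch_browseronly is NULL; when it is set, proxy still holds the last list->data from the loop, so the function goes on to use that unrelated config instead of returning NULL as the comment above pacrunner_proxy_lookup() promises. In the split-tunnel case from the first message that leftover entry could be the local-network config the request is supposed to avoid. Set proxy = NULL before the "if (request_is_browser)" block, or add an explicit "else proxy = NULL;" next to the alldomains_allprotos assignment.
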
-- 
dwmw2



------------------------------


End of connman Digest, Vol 10, Issue 10
***************************************
