Re: NM and IETF MIF working group

From: Dan Williams <dcbw redhat com>
To: Stjepan Groš <stjepan gros fer hr>
Cc: Leonardo Jelenkovic <leonardo jelenkovic fer hr>, David Woodhouse <dwmw2 infradead org>, networkmanager-list gnome org, Dejan Škvorc <dejan skvorc fer hr>
Subject: Re: NM and IETF MIF working group
Date: Thu, 01 Oct 2015 11:52:13 -0500

On Mon, 2015-09-28 at 22:29 +0200, Stjepan Groš wrote:

On 28.09.2015 11:48, David Woodhouse wrote:

On Mon, 2015-09-07 at 12:05 +0200, Stjepan Groš wrote:

Two colleagues of mine and I started to work on MIF implementation on 
Fedora. In case someone doesn't know, IETF MIF working group (
https://datatracker.ietf.org/wg/mif/charter/) tries to solve the 
problems of a single node having multiple parallel connections to 
different destinations (Internet, VPN, some private networks, etc.).

Please ensure you take proxies into account.

If my local DHCP server handed me a proxy PAC file, and if I connect to
a split-tunnel VPN which *also* provides a proxy PAC file, I expect
that requests I make to to the company VPN (within its domain names and
IP ranges) to use one proxy configuration, while requests to the
Internet at large should use my local proxy.


If I understand it correctly, PAC information received from DHCP is send
by NM via DBus, but otherwise not used in any way? So, it is necessary
to use some tool like proxydriver
(https://github.com/jimlawton/proxydriver) that will modify system
settings based on this info?


Yes, NM gets the information from DHCP and exposes it on D-Bus but does
not make any further use of it.  That's up to whatever proxy
implementation you have that wants to process PAC files, at least at
this point.  I think that's the point of libproxy/pacrunner though,
where apps need to say "how must I access http://it.foobar.com"; and the
proxy library consults the list of methods to get there, and returns an
answer like "you must use this proxy" or "just go there directly".  Apps
do need to be smarter here.

Dan

In any case, this is interesting info because we didn't though of it.
Namely, if browser is configured to use system proxy settings and it is
placed within new namespace, then it might happen that wrong proxy is
used, or global proxy settings are mixed up.

SG
_______________________________________________
networkmanager-list mailing list
networkmanager-list gnome org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Follow-Ups:
- Re: NM and IETF MIF working group
  - From: David Woodhouse
- Re: NM and IETF MIF working group
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]