Re: Proxy detection for IPv6 vs. Legacy IP

From: Atul Anand <atulhjp gmail com>
To: David Woodhouse <dwmw2 infradead org>
Cc: NetworkManager Discussions <networkmanager-list gnome org>
Subject: Re: Proxy detection for IPv6 vs. Legacy IP
Date: Thu, 28 Apr 2016 18:31:07 +0530

<dcbw> my vote would be just adding a new object (ProxyConfig) to keep
proxy-related information
<dcbw> so just go for object, and then we can all argue about whether
it should be object/interface/etc later :)

I think the first issue for naming  *object* has been solved . We'll
implement a simple ( internal) object [NMProxyConfig] which is to be
exported over other places to collect proxy details . I think there is
no need to expose run time config like PAC URL because it is of no use
until clients interact to a Proxy handler like PacRunner ( and NM
can't provide list of proxy servers (except for the manual case)  so
exposing or not shouldn't be a point of worry  ) .

For the next issue of DHCP4v6 ( David Sir said above) ..isn't there
any other place in NM or anywhere where we obtain multiple things
..what we do? Try first then second and so on ...in a priority order
ofcourse .

So the mechanism should be like obtain pac_url from DHCP4 first ( for
the obvious reasons )
if NM hasn't recieved go for pac_url from DHCP6 . Whatever NM recieve
first should be pushed into PacRunner . DHCP servers must have been
configured for use ...so using one should not abuse the other . :)
And there is no doubt over DHCP[4,6] vs WPAD via DNS .The other one
has a security loophole.
Implementing WPAD via DNS is not our priority now , it comes later
when we have a working proxy mechanism atleast ...though manual
overrides via GUI comes earlier . :)
Correct me if i'm going wrong somewhere .

Atul

On 4/28/16, David Woodhouse <dwmw2 infradead org> wrote:

[22:21] <dcbw> atulhjp_: is there a plan to handle separate proxy
        information that may come from DHCPv4 and DHCPv6?


Oh, $DEITY no please don't do that. It's bad enough that we have that
for DNS — even in manual settings. And we thus have bizarre and not-
entirely-useful semantics for what the "IPv4 DNS" vs. "IPv6 DNS"
settings are for. And both RDNSS and DHCPv6 are "IPv6 DNS".

Proxy information can come from a lot of places. Including DHCPv[46],
WPAD, and other places. Just deal with it, have a priority order for
them (with manual configuration obviously overriding anything else and
maybe a way to disable WPAD but permit the rest), and keep it simple.

Please don't extend the DNS thing. It'd actually be nice to *fix* that
and move DNS settings into a NMDeviceSettings object, if we could.

--
dwmw2

Follow-Ups:
- Re: Proxy detection for IPv6 vs. Legacy IP
  - From: Bjørn Mork

References:
- Proxy detection for IPv6 vs. Legacy IP
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]