GNOME Bugzilla – Bug 701824
allow dispatcher script (or something) to configure system proxy
Last modified: 2016-11-25 20:20:39 UTC
I'd like to create a dispatcher script which does something like the following: if there is only one network (i.e. only one physical device is up, or a VPN with full tunnelling), then: Look for DHCP_WPAD URL, else Look for wpad.$SEARCHDOMAIN (bug 701820), else Look for proxy information provided by VPN (bug 701822) ... and prod it into PacRunner via DBus else: disable proxies in PacRunner I've filed two separate bugs, but even with those fixed I'm not quite sure if this can work. I'm not sure how, from a dispatcher script, I can cleanly determine if this is the "only" network by that definition. Perhaps this is better done from within NetworkManager rather than from a dispatcher script? Eventually, we might want to do something really cunning with merging proxy PAC scripts from multiple networks, much as we combine DNS for multiple networks and ensure that DNS for the appropriate domains and IP ranges goes to the correct side. But for now I'm content to just disable proxies when there's more than one network in active use (except for the physical device underlying a full-tunnel VPN, of course).
Created attachment 246287 [details] dispatcher script This is what a really naïve attempt at such a script might look like. It's Legacy IP only, but it basically makes the "am I the only network?" decision, and attempts to get proxy information from whatever's available. It works OK on my home network with DHCP WPAD information, and a full-tunnel VPN where http://wpad.$domain/wpad.dat exists — but only for an explicitly configured domain and not the one that the VPN server gives me, of course, since that isn't visible anywhere. And I had to hard-code the wpad.$domain IP address in /etc/hosts or I'd get . ** (nm-dispatcher.action:19339): WARNING **: Script '/etc/NetworkManager/dispatcher.d/01-pacrunner' took too long; killing it. But it's probably a better explanation of what I'm trying to do, than my original attempt.
This patch makes an attempt to gather proxy information slightly more sensibly (bug 368423 was a start, and this improves it a bit) https://mail.gnome.org/archives/networkmanager-list/2013-June/msg00077.html
I don't actually think we need to add new field to nm-ip4-config for that. It might be better to publish some generic list of options like that, as anyone else can come and want a new fancy option. Also, is the WPAD information IPv4 specific? Let's see what Dan will come up with. (In reply to comment #0) > Perhaps this is better done from within NetworkManager rather than from a > dispatcher script? NetworkManager's API and CLI are continuously getting improved, so you should better and better experience. The dispatcher is still somewhat awkward but if you were able to grab the action, you can use nmcli to get various information from NetworkManager and file bug reports for information you can't get. > Eventually, we might want to do something really cunning with merging proxy PAC > scripts from multiple networks, much as we combine DNS for multiple networks > and ensure that DNS for the appropriate domains and IP ranges goes to the > correct side. Yep, that's possible. > But for now I'm content to just disable proxies when there's more > than one network in active use (except for the physical device underlying a > full-tunnel VPN, of course). I sort of see the logic in the simplification. We're doing a similar thing for unbound and DNSSEC and are stepping on similar limits there. There are other bug reports related to dispatcher like bug 703395 and bug 689741. It would be nice if we could write down a summary of what we expect from the dispatcher and in which form.
Could we check whether NM git master with recent additions gives out enough information to implement that?
NetworkManager gained native proxy support to push information to pac-runner. See for example https://bugzilla.gnome.org/show_bug.cgi?id=621767#c6 Closing as OBSOLETE, as this is now solved like David said: > Perhaps this is better done from within NetworkManager rather than from a > dispatcher script?