Udv, felhasznaltam az archivumban levo javaslatokat, de nem tudom mukodesre birni a zorp-ot transparent https proxy-kent. Mit ronthatok el? Ime, ami a policy-ben van: class MyHttpProxy(HttpProxy): def config(self): HttpProxy.config(self) class MyHttpsProxy(PsslProxy): def config(self): PsslProxy.config(self) self.server_need_ssl = TRUE self.client_need_ssl = TRUE self.client_cert = '/etc/zorp/myhttps.crt' self.client_key = '/etc/zorp/myhttps.key' self.client_verify_type = SSL_VERIFY_NONE self.server_verify_type = SSL_VERIFY_NONE self.shutdown_soft = TRUE self.stack_proxy = MyHttpProxy Hibauzenet: core.stderr(3): (Log thread): Traceback (most recent call last): core.stderr(3): (Log thread): File "/usr/share/zorp/pylib/Zorp/Dispatch.py", line 206, in accepted core.stderr(3): (Log thread): return session.service.startInstance(session) core.stderr(3): (Log thread): File "/usr/share/zorp/pylib/Zorp/Service.py", line 297, in startInstance core.stderr(3): (Log thread): session.client_stream.name = session.session_id + '/' + self.proxy_class.name + '/client' core.stderr(3): (Log thread): TypeError: cannot concatenate 'str' and 'NoneType' objects core.policy(1): (local@zorp@tatooine/nosession): Connection denied by policy;protocol='1',remote='AF_INET(192.168.0.1:35483)', local='AF_INET(213.253.194.2:443)', dest='AF_INET(213.253.194.2:443)' Zorp verzio: 3.0.3 Koszontem, Viktor ui: (non-transparent https proxy-kent sem ment, de gondoltam kezdjuk az egyszerubb esettel.)
On Thu, 2005-04-07 at 14:28 +0200, Tuska Viktor wrote:
Udv,
felhasznaltam az archivumban levo javaslatokat, de nem tudom mukodesre birni a zorp-ot transparent https proxy-kent. Mit ronthatok el?
Ime, ami a policy-ben van:
Hibauzenet: core.stderr(3): (Log thread): Traceback (most recent call last): core.stderr(3): (Log thread): File "/usr/share/zorp/pylib/Zorp/Dispatch.py", line 206, in accepted core.stderr(3): (Log thread): return session.service.startInstance(session) core.stderr(3): (Log thread): File "/usr/share/zorp/pylib/Zorp/Service.py", line 297, in startInstance core.stderr(3): (Log thread): session.client_stream.name = session.session_id + '/' + self.proxy_class.name + '/client' core.stderr(3): (Log thread): TypeError: cannot concatenate 'str' and 'NoneType' objects core.policy(1): (local@zorp@tatooine/nosession): Connection denied by policy;protocol='1',remote='AF_INET(192.168.0.1:35483)', local='AF_INET(213.253.194.2:443)', dest='AF_INET(213.253.194.2:443)'
mintha el lenne rontva a Service() definiciod. meg tudod azt is mutatni? -- Bazsi
Balazs Scheidler wrote:
mintha el lenne rontva a Service() definiciod. meg tudod azt is mutatni
Ime: def https(): Service("office_443-http", MyHttpsProxy, router=TransparentRouter()) Listener(SockAddrInet("1.2.3.4", 50443), "office_443-http") Koszontem, Viktor
On Fri, 2005-04-08 at 06:58 +0200, Tuska Viktor wrote:
Balazs Scheidler wrote:
mintha el lenne rontva a Service() definiciod. meg tudod azt is mutatni
Ime:
hmm.. pedig ez jonak tunik. megnezem a kettot egyben.
def https(): Service("office_443-http", MyHttpsProxy, router=TransparentRouter()) Listener(SockAddrInet("1.2.3.4", 50443), "office_443-http")
-- Bazsi
On Fri, 2005-04-08 at 06:58 +0200, Tuska Viktor wrote:
Balazs Scheidler wrote:
mintha el lenne rontva a Service() definiciod. meg tudod azt is mutatni
Ime:
def https(): Service("office_443-http", MyHttpsProxy, router=TransparentRouter()) Listener(SockAddrInet("1.2.3.4", 50443), "office_443-http")
osszeraktam a configodat es nalam mukodik. a hibauzenet alapjan olyan, mintha ez az ertekadas nem sikerulne: session.client_stream.name = session.session_id + '/' + self.proxy_class.name + '/client' Mivel vagy a session.session_id, vagy a self.proxy_class.name erteke None. Elvileg egyik sem fordulhat elo, normalis esetben. Nekem a proxy_class.name gyanusabb, a Python ugyanis az elso esetben mas hibauzenetet adna: Python 2.3.5 (#2, Feb 9 2005, 00:38:15) [GCC 3.3.5 (Debian 1:3.3.5-8)] on linux2 Type "help", "copyright", "credits" or "license" for more information.
a=None + 'abc' Traceback (most recent call last): File "<stdin>", line 1, in ? TypeError: unsupported operand type(s) for +: 'NoneType' and 'str' a='abc' + None Traceback (most recent call last): File "<stdin>", line 1, in ? TypeError: cannot concatenate 'str' and 'NoneType' objects
Tehat olyan, mintha a proxy osztalyodbol valamiert rossz erteke van a "name" attributumnak. Ez az attributum adja meg a Python proxy osztalyhoz tartozo C-ben irt modult (azaz a PsslProxy-bol szarmazott osztalyok eseten az erteke "pssl" kellene, hogy legyen) Biztosan jo konfigreszletet kuldtel? Nem irja valami felul azt az attributumot? ez a policy.py file, amivel kiprobaltam: from Zorp.Core import * from Zorp.Plug import * from Zorp.Http import * from Zorp.Pssl import * InetZone('all', '0.0.0.0/0', inbound_services=['*'], outbound_services=['*']) class MyHttpProxy(HttpProxy): def config(self): HttpProxy.config(self) class MyHttpsProxy(PsslProxy): def config(self): PsslProxy.config(self) self.server_need_ssl = TRUE self.client_need_ssl = TRUE self.client_cert = 'proba.crt' self.client_key = 'proba.key' self.client_verify_type = SSL_VERIFY_NONE self.server_verify_type = SSL_VERIFY_NONE self.shutdown_soft = TRUE self.stack_proxy = MyHttpProxy def zorp(): Service("office_443-http", MyHttpsProxy, router=TransparentRouter()) Listener(SockAddrInet("1.2.3.4", 50443), "office_443-http") -- Bazsi
On Fri, 2005-04-08 at 11:15 +0200, Balazs Scheidler wrote:
On Fri, 2005-04-08 at 06:58 +0200, Tuska Viktor wrote:
Balazs Scheidler wrote:
mintha el lenne rontva a Service() definiciod. meg tudod azt is mutatni
Ime:
def https(): Service("office_443-http", MyHttpsProxy, router=TransparentRouter()) Listener(SockAddrInet("1.2.3.4", 50443), "office_443-http")
osszeraktam a configodat es nalam mukodik. a hibauzenet alapjan olyan, mintha ez az ertekadas nem sikerulne:
megvan a gond. a 3.0.3-as GPL-esben levo Pssl proxynak pont ez volt a baja. hasznald a 3.0.3.7-es tesztverziot (elvileg nemsokara lesz 3.0.4 is, ami mar nem valtozott a 3.0.3.7-hez kepest). -- Bazsi
Balazs Scheidler wrote: Balazs, koszontem szepen. Eppen irni akartam, hogy miket tapasztaltam non-transparent modban a Proxy.__init__ metodus kornyeken pssl eseten. Legkozelebb majd kicsit gondolkodom es felteszem a legujabb verziot, mielott kerdezgetnek okosan. :) Viktor
megvan a gond. a 3.0.3-as GPL-esben levo Pssl proxynak pont ez volt a baja. hasznald a 3.0.3.7-es tesztverziot (elvileg nemsokara lesz 3.0.4 is, ami mar nem valtozott a 3.0.3.7-hez kepest).
participants (2)
-
Balazs Scheidler
-
Tuska Viktor