diff -uNr ffproxy-1.6-RC1/BUGS ffproxy-RC2/BUGS --- ffproxy-1.6-RC1/BUGS 2003-08-09 00:44:47.000000000 +0200 +++ ffproxy-RC2/BUGS 1970-01-01 01:00:00.000000000 +0100 @@ -1,12 +0,0 @@ -I've access to a limited number of different -systems only, so it's not guaranteed that -ffproxy will compile at all. - -So far, I've tested ffproxy to work under -OpenBSD, FreeBSD, Linux, and Solaris8. - -If you've patches to make ffproxy work -on other systems, please let me know. - -Send bug reports, comments, questions -to Niklas Olmes diff -uNr ffproxy-1.6-RC1/COPYING ffproxy-RC2/COPYING --- ffproxy-1.6-RC1/COPYING 2002-07-25 14:34:02.000000000 +0200 +++ ffproxy-RC2/COPYING 1970-01-01 01:00:00.000000000 +0100 
@@ -1,339 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - Appendix: How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) 19yy - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. 
diff -uNr ffproxy-1.6-RC1/ChangeLog ffproxy-RC2/ChangeLog --- ffproxy-1.6-RC1/ChangeLog 2004-06-08 01:33:16.000000000 +0200 +++ ffproxy-RC2/ChangeLog 1970-01-01 01:00:00.000000000 +0100 
@@ -1,234 +0,0 @@ -Version 1.6 -============ - -* added CONNECT request method to - support HTTPS proxying - (see section HTTPS OPERATION - in ffproxy(8)) - -* new configuration options - unrestriced_connect and - timeout_connect - -* updated documentation accordingly - -Version 1.5.1 -============= - - * allow transparent operation - (see section TRANSPARENT OPERATION - in ffproxy(8) or ffproxy.quick(7)) - - * allow client to proxy keep alive - connections - - * new configuration option use_keep_alive - - * updated documentation accordingly - -Version 1.5 -=========== - - * IPv6 bind() support - - * changed db/* - You'll perhaps need to update files, - also please take a look at ffproxy(8) - - * allow comments and empty lines in db/* - - * removed caching complety from code - - * changed debug() to macro DEBUG() - - * code cleanups - - * check on configuration errors - - * more documentation in manual pages - ffproxy(8), ffproxy.conf(5), ffproxy.quick(7) - - * added HTTP Accelerator feature - - * more configuration file options, - more command line options - (for IPv6 and HTTP Accelerator) - - * allow non-numerical arguments to - uid, gid, -u, and -g - - * more minor changes - - * allow ffproxy to be compiled under Solaris8 - -Version 1.4.1 -============= - -* HTTP fix: savannah.gnu.org (and possibly - other hosts) does not understand - a Host: header with port number - correctly. - Now :80 is omitted, port number is only added - if needed. 
- -* implemented SYSCONFDIR and DATADIR, - default location for ffproxy's working directory - (db/ and html/ path) is now /var/ffproxy - default location of ffproxy.conf is now - /etc/ffproxy.conf - -Version 1.4 -=========== - -* added IPv6 Support - * new config options - - use_ipv6 yes|no - - forward_proxy_ipv6 yes|no - * new command line option -4 (disable IPv6) - * PLEASE NOTE: ffproxy is not yet able to *bind* - to IPv6, this will be implemented soon after - this release - -* removed config.proxyip and added config.proxyhost: - now proxyhost is resolved on every access - (was resolved only once on startup before) - -* changed copyright notice in every .c File - (added new E-Mail Address and renewed (c)) - -* changed README and manpage (minor changes) - -* moved configuration settings in Makefile up to - the top of the file - -Version 1.3p2 -============= - -* not using http://host/path style GET requests - anymore when not contacting an auxiliary proxy - -* fixed command line option -v behaviour: - ffproxy now terminates after displaying the - version number - -* fixed wrong db_path comment in sample.config: - path must be relative to new root but in no case - absolute because at first time read of the config - files ffproxy hasn't dropped its priviliges -- - because *after* reading them it knows that it - should do - -Version 1.3p1 -============= - -* off by one error (reported by Oliver Kurth) - [ r->header[i] = (char *) my_alloc(len); - in request.c ] fixed - -* (hopefully) fixed compiling issues under - linux (take a look at Makefile) - -* manpage was installed in wrong location, fixed - --------------------------------------------------- - Forgot sample.config in tar.gz for version 1.3, - fixed the tar.gz after report from Oliver Kurth - and uploaded the fixed one instead of the old - under the same file name on Fri, 2 Aug 2002 --------------------------------------------------- - -Version 1.3 -=========== - -* complete rewrite - -* layout of db/ has 
changed. delimited string - matching was abolished. - -* undocumented caching support - -Version 1.2 -=========== - -* changed loop protection (now it is - possible to connect through an arbitrary - number of ffproxy proxy servers, previously - LOOP_HEADER had to be edited, which is - now abolished. The X-loop header is - generated by the pid of the master process - and seconds since the epoch at invocation - time and therefore can be regarded as - unique.) - -* added configuration file support. See - file sample.config. System wide default - configuration file is /etc/ffproxy.conf, - but the user may use the new command - line option -f to specify the configuration - file to use. Note that command line - options overwrite defaults from - /etc/ffproxy.conf, but don't overwrite - user file configurations. In other words: - When using -f, other command line options - are useless. - -* added a few new command line options. - See manpage or ffproxy -h for details. - -* added HTTP HEAD method and changed code - to recognize different protocol versions - -* added logging option to log every request. - By default, only filtered and incorrect - requests get logged, as before. - -* regular expressions are now pre-compiled - to tune performance - -* fixed some nasty bugs (i.e. error while - parsing optional host part in URLs. - Request was generally blocked, or - damaged headers under some circumstances) - -* Updated manpage and README. 
- -Version 1.1 -=========== - -* added extended regular expression support - -* raised MAX_MSG_SIZE in log.c - (longer URLs got truncated in log output) - -* drop_privileges() allocated memory twice - (forgot to remove that, sorry) - (Note that this had no effect at all) - -* added command line option -D to specify directory - which contains db/ and html/ - -* added a manpage -- fproxy(1) - -* improved logging - -* modified the html/* error files - -* updated README file - -* URL host is preferred from host in Host header - (previously host header could overwrite hostname - found in URL, so using another proxy server - through this proxy server) - -* fixed compiling issues: - - o changed Makefile (users got confused with MY_CFLAGS, - removed that completely) - - o changed resolve() to return unsigned long since in_addr_t - is not supported on all systems - -Version 1.0 -=========== - -Initial release diff -uNr ffproxy-1.6-RC1/Makefile ffproxy-RC2/Makefile --- ffproxy-1.6-RC1/Makefile 2003-08-09 14:45:23.000000000 +0200 +++ ffproxy-RC2/Makefile 1970-01-01 01:00:00.000000000 +0100 
@@ -1,41 +0,0 @@ -# -# change the following lines to fit your needs -# -# debugging: -#CC = cc -DUSE_DEBUG -#OCFLAGS = -W -Wall -Werror -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wbad-function-cast -pedantic-errors -O2 - -SRCS = main.c print.c socket.c request.c http.c alloc.c filter.c db.c file.c dns.c signals.c access.c regex.c msg.c poll.c -OBJS = $(SRCS:.c=.o) - -MANPAGES = ffproxy.8 ffproxy.conf.5 ffproxy.quick.7 - -PREFIX?=/usr/local -CC?=cc - -DATADIR?=/var/ffproxy -SYSCONFDIR?=/etc -CFLAGS += ${OCFLAGS} -DCFGFILE="\"${SYSCONFDIR}/ffproxy.conf\"" -DDATADIR="\"${DATADIR}\"" - -all: proxy - -lint: - lint -aa -b -c -e -g -h -x -s ${SRCS} - -install: - install -c ffproxy ${PREFIX}/bin/ffproxy - install -d ${PREFIX}/bin - install -d ${PREFIX}/man - install -d ${PREFIX}/man/man5 - install -d ${PREFIX}/man/man7 - install -d ${PREFIX}/man/man8 - install -c ffproxy.8 ${PREFIX}/man/man8/ffproxy.8 - install -c ffproxy.conf.5 ${PREFIX}/man/man5/ffproxy.conf.5 - install -c ffproxy.quick.7 ${PREFIX}/man/man7/ffproxy.quick.7 - -proxy: $(OBJS) - @./sys-dep.sh "${CC}" "${CFLAGS}" "-o ffproxy" "$(OBJS)" - strip ffproxy - -clean: - rm -f *.o ffproxy diff -uNr ffproxy-1.6-RC1/README ffproxy-RC2/README --- ffproxy-1.6-RC1/README 2004-06-08 01:34:00.000000000 +0200 +++ ffproxy-RC2/README 1970-01-01 01:00:00.000000000 +0100 
@@ -1,42 +0,0 @@ -Description -=========== - -ffproxy is a filtering HTTP(S) proxy server. It is able to filter by host, -url, and header. Custom header entries can be filtered and added. It -can even drop its privileges and chroot(2) to some directory. Logging to -syslogd(8) is supported, as is using another auxiliary proxy server. -It is able to serve as a HTTP accelerator (front-end to a HTTP server). -IPv6 is fully supported and allows IPv6 HTTP over IPv4 tunneling (and -vice versa). - -Website: http://faith.eu.org/programs.html - -Compilation -=========== - - * Edit Makefile and sys-dep.sh to fit your needs. - If you're using OpenBSD, FreeBSD, Linux, or Solaris8, - you normally don't have to change anything. - - * After making your changes, compile ffproxy with make. - (see file `BUGS' if ffproxy won't compile or crashes) - -Installation -============ - - * Execute make install - This will copy ffproxy to ${PREFIX}/bin - and manpages to ${PREFIX}/man/man[578] - - * Copy directories db/ and html/ to some other directory, - like /var/ffproxy. See ffproxy.quick(7) for example - installation. - -Documentation -============= - - Documentation was moved to manual pages - - * ffproxy.quick(7) - quick introduction to setting up ffproxy - * ffproxy(8) - command line options; db/ and html/ description - * ffproxy.conf(5) - description of configuration files diff -uNr ffproxy-1.6-RC1/TODO ffproxy-RC2/TODO --- ffproxy-1.6-RC1/TODO 2003-08-09 00:44:47.000000000 +0200 +++ ffproxy-RC2/TODO 1970-01-01 01:00:00.000000000 +0100 @@ -1,7 +0,0 @@ -New Features to add: - - * add content filtering - - * caching support - -More ideas? Mail me. diff -uNr ffproxy-1.6-RC1/access.c ffproxy-RC2/access.c --- ffproxy-1.6-RC1/access.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/access.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,58 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: access.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include - -#include "req.h" -#include "dbs.h" -#include "print.h" -#include "dns.h" -#include "regex.h" -#include "access.h" - -int -check_access(const struct clinfo * host) -{ - int i; - - if (*host->ip != '\0') { - i = 0; - while (a_ip[i] != NULL) - if (do_regex(host->ip, a_ip[i++]) == 0) - return 0; - - if (*host->name != '\0') { - i = 0; - while (a_host[i] != NULL) - if (do_regex(host->name, a_host[i++]) == 0) - return 0; - } - i = 0; - while (a_dyndns[i] != NULL) - if (strcmp(host->ip, resolve_to_a(a_dyndns[i++])) == 0) - return 0; - } - - DEBUG(("check_access() => done, no access. IP (%s) Host (%s)", host->ip, host->name)); - - return 1; -} diff -uNr ffproxy-1.6-RC1/access.h ffproxy-RC2/access.h --- ffproxy-1.6-RC1/access.h 2002-07-08 18:15:05.000000000 +0200 +++ ffproxy-RC2/access.h 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -int check_access(const struct clinfo *); diff -uNr ffproxy-1.6-RC1/alloc.c ffproxy-RC2/alloc.c --- ffproxy-1.6-RC1/alloc.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/alloc.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,38 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: alloc.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include -#include - -#include "print.h" -#include "alloc.h" - -void * -my_alloc(size_t size) -{ - void *p; - - if ((p = malloc(size)) == NULL) - fatal("malloc() failed"); - (void) memset(p, 0, size); - return p; -} diff -uNr ffproxy-1.6-RC1/alloc.h ffproxy-RC2/alloc.h --- ffproxy-1.6-RC1/alloc.h 2002-07-08 18:06:15.000000000 +0200 +++ ffproxy-RC2/alloc.h 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -void *my_alloc(size_t size); diff -uNr ffproxy-1.6-RC1/cfg.h ffproxy-RC2/cfg.h --- ffproxy-1.6-RC1/cfg.h 2004-06-08 00:42:34.000000000 +0200 +++ ffproxy-RC2/cfg.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1,49 +0,0 @@ -struct cfg { - unsigned int port; - - char ipv4[256]; - char ipv6[256]; - - int daemon; - int childs; - int ccount; - int backlog; - - unsigned long uid; - unsigned long gid; - char chroot[256]; - char dbdir[256]; - char file[256]; - - char proxyhost[256]; - unsigned int proxyport; - - int syslog; - int logrequests; - - int use_ipv6; - int aux_proxy_ipv6; - - int bind_ipv6; - int bind_ipv4; - - int accel; - int accelusrhost; - char accelhost[256]; - unsigned int accelport; - - int kalive; - - int unr_con; - int to_con; - - int nowarn; - int first; -}; - -#define MAX_CHILDS 1024 -#define MAX_BACKLOG 64 -#define MAX_PORTS 65535 -#define MAX_UID 65535 -#define MAX_GID MAX_UID -#define MAX_FSIZE 256*1024 diff -uNr ffproxy-1.6-RC1/db/access.dyndns ffproxy-RC2/db/access.dyndns --- ffproxy-1.6-RC1/db/access.dyndns 2003-08-08 14:00:41.000000000 +0200 +++ ffproxy-RC2/db/access.dyndns 1970-01-01 01:00:00.000000000 +0100 @@ -1,10 +0,0 @@ -# db/access.dyndns -# -# put hostnames with changing IPv4 addresses allowed to connect here -# empty lines and lines starting with # are ignored -# hostnames are resolved to IPv4 address, if IPv4 address matches -# IP address of connecting host, access is granted -# -# Example: -#myhost.dyndns.org -#dynip.myip.com diff -uNr ffproxy-1.6-RC1/db/access.host ffproxy-RC2/db/access.host --- ffproxy-1.6-RC1/db/access.host 2003-08-08 14:10:20.000000000 +0200 +++ ffproxy-RC2/db/access.host 1970-01-01 01:00:00.000000000 +0100 
@@ -1,15 +0,0 @@ -# db/access.host -# -# put IPv4 and IPv6 hostnames (reverse names) allowed to connect here -# use db/access.dyndns for hosts without proper reverse name -# use db/access.ip for IPv4 and IPv6 IP addresses -# empty lines and lines starting with # are ignored -# regular expression matching is used here, -# hostnames are converted to lowercase before matching -# -# Examples: -#^menuhin\.burden\.eu\.org$ -#^.*\.mydomain\.org$ -# -# This would allow everyone with a valid reverse name to connect: -#.* diff -uNr ffproxy-1.6-RC1/db/access.ip ffproxy-RC2/db/access.ip --- ffproxy-1.6-RC1/db/access.ip 2003-08-08 14:01:18.000000000 +0200 +++ ffproxy-RC2/db/access.ip 1970-01-01 01:00:00.000000000 +0100 @@ -1,21 +0,0 @@ -# db/access.ip -# -# put IPv4 and IPv6 addresses allowed to connect here -# empty lines and lines starting with # are ignored -# regular expression matching is used here -# -# Examples: -#^192\.168\.10\.(1|2|3|128)$ -#^127\.0\.0\.1$ -#^2001:768:18ff:4:: -#:bfcf%9005$ -# -# This allows everyone to connect: -#.* -# -# This allows everyone to connect via IPv6: -#: -# -# This allows everyone to connect via IPv4: -#\. -# diff -uNr ffproxy-1.6-RC1/db/filter.header.add ffproxy-RC2/db/filter.header.add --- ffproxy-1.6-RC1/db/filter.header.add 2003-08-07 21:51:06.000000000 +0200 +++ ffproxy-RC2/db/filter.header.add 1970-01-01 01:00:00.000000000 +0100 
@@ -1,13 +0,0 @@ -# db/filter.header.add -# -# put header entries to add to outgoing headers here -# use db/filter.header.entry to delete header entries via string matching -# use db/filter.header.match to delete header entries via regular expressions -# empty lines and lines starting with # are ignored -# -# Examples: -#User-Agent: Mozilla/4.0 (4.0; BarOS; BazCompatible; QuxExtension; QuuxDumb) -# -# The following entries should always be used: -Connection: close -Proxy-Connection: close diff -uNr ffproxy-1.6-RC1/db/filter.header.drop ffproxy-RC2/db/filter.header.drop --- ffproxy-1.6-RC1/db/filter.header.drop 2003-08-08 14:10:56.000000000 +0200 +++ ffproxy-RC2/db/filter.header.drop 1970-01-01 01:00:00.000000000 +0100 @@ -1,9 +0,0 @@ -# db/filter.header.drop -# -# put header entries here that cause ffproxy to drop entire request -# empty lines and lines starting with # are ignored -# string matching is performed here (case insensitive) -# -# Examples: -#Cookie: -#Session-Id: diff -uNr ffproxy-1.6-RC1/db/filter.header.entry ffproxy-RC2/db/filter.header.entry --- ffproxy-1.6-RC1/db/filter.header.entry 2003-08-08 14:11:04.000000000 +0200 +++ ffproxy-RC2/db/filter.header.entry 1970-01-01 01:00:00.000000000 +0100 
@@ -1,23 +0,0 @@ -# db/filter.header.entry -# -# put header entries to remove here -# use filter.header.add to add custom entries -# use filter.header.match to remove entries via regular expressions -# empty lines and lines starting with # are ignored -# string matching is performed here (case insensitive) -# -# Examples: -#Accept-Language: -#User-Agent: -#From: -# -# Prohibit cookie usage: -#Set-Cookie: -#Cookie: -# -# The following entries should always be used: -Accept-Encoding: -Accept: -Connection: -Proxy-Connection: -Host: diff -uNr ffproxy-1.6-RC1/db/filter.header.match ffproxy-RC2/db/filter.header.match --- ffproxy-1.6-RC1/db/filter.header.match 2003-08-08 13:59:57.000000000 +0200 +++ ffproxy-RC2/db/filter.header.match 1970-01-01 01:00:00.000000000 +0100 @@ -1,11 +0,0 @@ -# db/filter.header.match -# -# put header entries to remove here -# use filter.header.add to add custom entries -# use filter.header.entry to remove entries without regular expressions -# empty lines and lines starting with # are ignored -# regular expression matching is performed here -# -# Examples: -#\*/\* -#iso-8859-([1-9]|1[0-4]) diff -uNr ffproxy-1.6-RC1/db/filter.host.match ffproxy-RC2/db/filter.host.match --- ffproxy-1.6-RC1/db/filter.host.match 2003-08-08 14:11:24.000000000 +0200 +++ ffproxy-RC2/db/filter.host.match 1970-01-01 01:00:00.000000000 +0100 
@@ -1,39 +0,0 @@ -# db/filter.host.match -# -# put hosts disallowed connecting to here -# empty lines and lines starting with # are ignored -# regular expression matching is used, -# hostnames are converted to lower case before matching -# -# Examples: -# Don't get ads from hostnames matching these expressions: -#endemann -#bannercommunity -#doubleclick -#sponsornetz -#badservant -# -# Don't connect to `bad' sites: -#adult -#xxx -#sex -#porn -#gamez -#warez -#eroti[ck] -#erotik -# -# More ads: -#^ad(s|[0-9]*)\..* -#^.*\.admaster.* -#^adserver\..* -#^adfarm.*\..* -#^bs.*\.gmx\.net$ -#^banner.*\..* -#^finance\.altavista\..* -#^werbung.*\..* -# -# Don't allow Opera to connect to its secret servers: -#^213\.165\.64\.4.$ -#^213\.165\.64\.3.$ -#^rgs.*\.opera\.com$ diff -uNr ffproxy-1.6-RC1/db/filter.rheader.drop ffproxy-RC2/db/filter.rheader.drop --- ffproxy-1.6-RC1/db/filter.rheader.drop 2003-08-08 14:11:36.000000000 +0200 +++ ffproxy-RC2/db/filter.rheader.drop 1970-01-01 01:00:00.000000000 +0100 @@ -1,16 +0,0 @@ -# db/filter.rheader.drop -# response filtering -# -# put header entries here that cause ffproxy to drop entire response -# empty lines and lines starting with # are ignored -# string matching is performed here (case insensitive) -# -# Examples: -#Content-Type: application/ -# -# perhaps better: -#application/ -#audio/mpeg -# -#Cookie: -#Session-Id: diff -uNr ffproxy-1.6-RC1/db/filter.rheader.entry ffproxy-RC2/db/filter.rheader.entry --- ffproxy-1.6-RC1/db/filter.rheader.entry 2003-08-08 14:11:43.000000000 +0200 +++ ffproxy-RC2/db/filter.rheader.entry 1970-01-01 01:00:00.000000000 +0100 
@@ -1,16 +0,0 @@ -# db/filter.rheader.entry -# response filtering -# -# put header entries to remove from response here -# use filter.rheader.match to remove entries via regular expressions -# empty lines and lines starting with # are ignored -# string matching is performed here (case insensitive) -# -# Examples: -# Prohibit cookie usage: -#Set-Cookie: -#Cookie: -# -# The following entries should always be used: -Connection: -Proxy-Connection: diff -uNr ffproxy-1.6-RC1/db/filter.rheader.match ffproxy-RC2/db/filter.rheader.match --- ffproxy-1.6-RC1/db/filter.rheader.match 2003-08-08 14:02:10.000000000 +0200 +++ ffproxy-RC2/db/filter.rheader.match 1970-01-01 01:00:00.000000000 +0100 @@ -1,10 +0,0 @@ -# db/filter.rheader.match -# response filtering -# -# put header entries to remove from response here -# use filter.rheader.entry to remove entries without regular expressions -# empty lines and lines starting with # are ignored -# regular expression matching is performed here -# -# Examples: -#[Cc]ookie: diff -uNr ffproxy-1.6-RC1/db/filter.url.match ffproxy-RC2/db/filter.url.match --- ffproxy-1.6-RC1/db/filter.url.match 2003-08-08 14:02:19.000000000 +0200 +++ ffproxy-RC2/db/filter.url.match 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -# db/filter.url.match -# -# put URIs to filter here -# empty lines and lines starting with # are ignored -# regular expression matching is used -# -# Examples: -# Filter Ads: -#WERBUNG -#/ads/ -#/RealMedia -#\.ads/ -#ooperatio -#/advert -#banner/ -#/scripts/cms/ -#/xrps\.asp -#/event\.ng -# -# File types we don't like: -# (also use Content-Type filtering via db/filter.rheader.drop) -#\.com$ -#\.exe$ -#\.doc$ -# -/\.\./ diff -uNr ffproxy-1.6-RC1/db.c ffproxy-RC2/db.c --- ffproxy-1.6-RC1/db.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/db.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,411 +0,0 @@ -/* - * ffproxy (c) 2002-2004 Niklas Olmes - * http://faith.eu.org - * - * $Id: db.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "cfg.h" -#include "print.h" -#include "msg.h" -#include "alloc.h" -#include "file.h" -#include "db.h" - -static void clear_databases(void); -static void clear_db(char *[]); -static void clear_rdb(regex_t *[]); -static void read_db(const char *, char *[]); -static void read_rdb(const char *, regex_t *[]); -static void read_file(const char *, struct msg *); -static void read_config_file(void); -static void verify_config(void); - -#define MAX_E 256 -regex_t *a_ip[MAX_E]; -regex_t *a_host[MAX_E]; -char *a_dyndns[MAX_E]; -regex_t *f_host[MAX_E]; -regex_t *f_url[MAX_E]; -regex_t *f_hdr_drop[MAX_E]; -regex_t *f_hdr_match[MAX_E]; -char *f_hdr_entry[MAX_E]; -char *f_hdr_add[MAX_E]; -regex_t *f_rhdr_drop[MAX_E]; -regex_t *f_rhdr_match[MAX_E]; -char *f_rhdr_entry[MAX_E]; -struct msg e_inv; -struct msg e_res; -struct msg e_con; -struct msg e_post; -struct msg e_fil; - - -void -reload_databases(void) -{ - clear_databases(); - load_databases(); -} - -void -load_databases(void) -{ - extern struct cfg config; - - read_config_file(); - 
verify_config(); - - if (*config.dbdir != '\0' && chdir(config.dbdir) != 0) - fatal("could not chdir() to dbdir (%s)", config.dbdir); - - read_rdb("db/access.ip", a_ip); - read_rdb("db/access.host", a_host); - read_db("db/access.dyndns", a_dyndns); - read_rdb("db/filter.host.match", f_host); - read_rdb("db/filter.url.match", f_url); - read_rdb("db/filter.header.drop", f_hdr_drop); - read_rdb("db/filter.header.match", f_hdr_match); - read_db("db/filter.header.entry", f_hdr_entry); - read_db("db/filter.header.add", f_hdr_add); - read_rdb("db/filter.rheader.drop", f_rhdr_drop); - read_rdb("db/filter.rheader.match", f_rhdr_match); - read_db("db/filter.rheader.entry", f_rhdr_entry); - read_file("html/invalid", &e_inv); - read_file("html/resolve", &e_res); - read_file("html/connect", &e_con); - read_file("html/post", &e_post); - read_file("html/filtered", &e_fil); -} - -static void -clear_databases(void) -{ - clear_rdb(a_ip); - clear_rdb(a_host); - clear_db(a_dyndns); - clear_rdb(f_host); - clear_rdb(f_url); - clear_rdb(f_hdr_drop); - clear_rdb(f_hdr_match); - clear_db(f_hdr_entry); - clear_db(f_hdr_add); - clear_rdb(f_rhdr_drop); - clear_rdb(f_rhdr_match); - clear_db(f_rhdr_entry); - free(e_inv.c); - free(e_res.c); - free(e_con.c); - free(e_post.c); - free(e_fil.c); - e_inv.len = e_res.len = e_con.len = e_post.len = e_fil.len = 0; -} - -static void -clear_db(char *db[]) -{ - int i; - - i = 0; - while (db[i] != NULL) { - free(db[i]); - db[i++] = NULL; - } -} - -static void -clear_rdb(regex_t * r[]) -{ - int i; - - i = 0; - while (r[i] != NULL) { - regfree(r[i]); - free(r[i]); - r[i++] = NULL; - } -} - -static void -read_db(const char *f, char *db[]) -{ - FILE *fp; - char buf[512], *p; - size_t i; - - fp = my_fopen(f); - - i = 0; - while (fgets(buf, sizeof(buf), fp) != NULL && i < MAX_E - 1) { - if (buf[0] == '#' || buf[0] == '\r' || buf[0] == '\n') - continue; - if ((p = strchr(buf, '\n')) == NULL) { - (void) fclose(fp); - fatal_n("line too long in file %s", f); - } - *p 
= '\0'; - p = (char *) my_alloc(strlen(buf) + 1); - strcpy(p, buf); - db[i++] = p; - } - (void) fclose(fp); - - db[i] = NULL; -} - -static void -read_rdb(const char *f, regex_t * r[]) -{ - FILE *fp; - regex_t *regex; - char buf[512], *p; - char errbuf[512]; - size_t i; - int err; - - fp = my_fopen(f); - - i = 0; - while (fgets(buf, sizeof(buf), fp) != NULL && i < MAX_E - 1) { - if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') - continue; - if ((p = strchr(buf, '\n')) == NULL) { - (void) fclose(fp); - fatal_n("line too long in file %s", f); - } - *p = '\0'; - regex = (regex_t *) my_alloc(sizeof(regex_t)); - if ((err = regcomp(regex, buf, REG_EXTENDED)) != 0) { - (void) regerror(err, regex, errbuf, sizeof(errbuf)); - warn("invalid regular expression (%s) in file (%s): %s", buf, f, errbuf); - free(regex); - continue; - } - r[i++] = regex; - } - (void) fclose(fp); - - r[i] = NULL; -} - -static void -read_file(const char *fn, struct msg * m) -{ - int f; - char buf[8192]; - ssize_t len; - - f = my_open(fn); - len = read(f, &buf, sizeof(buf)); - - m->c = (char *) my_alloc(len + 1); - (void) memcpy(m->c, buf, len); - m->c[len] = '\0'; - m->len = len; - - (void) close(f); -} - -#include "dns.h" - -static void -read_config_file(void) -{ - extern struct cfg config; - FILE *fp; - char obuf[100]; - char abuf[100]; - char b[300]; - - if (*config.file == '\0') { - ; - } else if ((fp = fopen(config.file, "r")) != NULL) { - while (fgets(b, sizeof(b), fp) != NULL) { - (void) sscanf(b, "%99s %99s", obuf, abuf); - if (config.first && strcmp("daemonize", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.daemon = 1; - else - config.daemon = 0; - continue; - } else if (strcmp("child_processes", obuf) == 0) { - config.childs = atoi(abuf); - continue; - } else if (config.first && strcmp("bind_ipv4", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.bind_ipv4 = 1; - else - config.bind_ipv4 = 0; - continue; - } else if (config.first && strcmp("bind_ipv6", obuf) == 0) { - if 
(strcmp(abuf, "yes") == 0) - config.bind_ipv6 = 1; - else - config.bind_ipv6 = 0; - continue; - } else if (config.first && strcmp("bind_ipv4_host", obuf) == 0) { - (void) strncpy(config.ipv4, abuf, sizeof(config.ipv4) - 1); - config.ipv4[sizeof(config.ipv4) - 1] = '\0'; - continue; - } else if (config.first && strcmp("bind_ipv6_host", obuf) == 0) { - (void) strncpy(config.ipv6, abuf, sizeof(config.ipv6) - 1); - config.ipv6[sizeof(config.ipv6) - 1] = '\0'; - continue; - } else if (config.first && strcmp("port", obuf) == 0) { - config.port = atoi(abuf); - continue; - } else if (strcmp("use_ipv6", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.use_ipv6 = 1; - else - config.use_ipv6 = 0; - continue; - } else if (config.first && strcmp("uid", obuf) == 0) { - if (!(config.uid = atoi(abuf))) { - struct passwd *pwd; - if ((pwd = getpwnam(abuf))) - config.uid = (unsigned long) pwd->pw_uid; - else - fatal_n("UID %s not found", abuf); - } - continue; - } else if (config.first && strcmp("gid", obuf) == 0) { - if (!(config.gid = atoi(abuf))) { - struct group *grp; - if ((grp = getgrnam(abuf))) - config.gid = (unsigned long) grp->gr_gid; - else - fatal_n("GID %s not found", abuf); - } - continue; - } else if (config.first && strcmp("chroot_dir", obuf) == 0) { - (void) strncpy(config.chroot, abuf, sizeof(config.chroot) - 1); - config.chroot[sizeof(config.chroot) - 1] = 0; - continue; - } else if (strcmp("forward_proxy", obuf) == 0) { - (void) strncpy(config.proxyhost, abuf, sizeof(config.proxyhost) - 1); - config.proxyhost[sizeof(config.proxyhost) - 1] = 0; - continue; - } else if (strcmp("forward_proxy_port", obuf) == 0) { - config.proxyport = atoi(abuf); - continue; - } else if (strcmp("forward_proxy_ipv6", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.aux_proxy_ipv6 = 1; - else - config.aux_proxy_ipv6 = 0; - continue; - } else if (config.first && strcmp("db_files_path", obuf) == 0) { - (void) strncpy(config.dbdir, abuf, sizeof(config.dbdir) - 1); - 
config.dbdir[sizeof(config.dbdir) - 1] = 0; - continue; - } else if (strcmp("backlog_size", obuf) == 0) { - config.backlog = atoi(abuf); - continue; - } else if (strcmp("use_syslog", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.syslog = 1; - else - config.syslog = 0; - continue; - } else if (strcmp("log_all_requests", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.logrequests = 1; - else - config.logrequests = 0; - continue; - } else if (strcmp("accel_host", obuf) == 0) { - (void) strncpy(config.accelhost, abuf, sizeof(config.accelhost) - 1); - config.accelhost[sizeof(config.accelhost) - 1] = '\0'; - continue; - } else if (strcmp("accel_port", obuf) == 0) { - config.accelport = atoi(abuf); - continue; - } else if (strcmp("accel_user_host", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.accelusrhost = 1; - else - config.accelusrhost = 0; - continue; - } else if (strcmp("use_keep_alive", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.kalive = 1; - else - config.kalive = 0; - continue; - } else if (strcmp("unrestricted_connect", obuf) == 0) { - if (strcmp(abuf, "yes") == 0) - config.unr_con = 1; - else - config.unr_con = 0; - continue; - } else if (strcmp("timeout_connect", obuf) == 0) { - config.to_con = atoi(abuf); - continue; - } else if (!config.first) { - continue; - } else if (*obuf != '#') { - warn("unknown option in config file %s: %s", config.file, obuf); - continue; - } - } - (void) fclose(fp); - } else { - if (strcmp(config.file, CFGFILE) == 0) - info("default config file (%s) not available, not using config file", CFGFILE); - else - fatal("unable to open config file %s", config.file); - } - config.first = 0; -} - -#define ZHWRONG(a, o, v) if(a < 1 || a > v) fatal_n("%s is set < 1 or value is too high (maximum: %d, current: %d)", o, v, a); -#define HWRONG(a, o, v) if(a < 0 || a > v) fatal_n("Value of %s is set too high or negative (maximum: %d, current: %d)", o, v, a); -#define HUWRONG(a, o, v) if(a > v) fatal_n("Value of 
%s is set too high (maximum: %d, current: %d)", o, v, a); - -static void -verify_config(void) -{ - extern struct cfg config; - - HUWRONG(config.port, "port", MAX_PORTS); - ZHWRONG(config.childs, "child_processes", MAX_CHILDS); - HWRONG(config.backlog, "backlog_size", MAX_BACKLOG); - HUWRONG(config.proxyport, "forward_proxy_port", MAX_PORTS); - HUWRONG(config.uid, "uid", MAX_UID); - HUWRONG(config.gid, "gid", MAX_GID); - HUWRONG(config.accelport, "accel_port", MAX_PORTS); - - if ((config.uid && !config.gid) || (!config.uid && config.gid)) - fatal_n("Only one of uid and gid is set to non-zero.\nYou have to use both or none of them"); - if (*config.accelhost && config.accelport) - config.accel = 1; - else - config.accel = 0; - if (!config.bind_ipv4 && !config.bind_ipv6) - fatal_n("Both IPv4 and IPv6 binding disabled. This makes no sense"); -} diff -uNr ffproxy-1.6-RC1/db.h ffproxy-RC2/db.h --- ffproxy-1.6-RC1/db.h 2003-08-08 16:10:28.000000000 +0200 +++ ffproxy-RC2/db.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -void load_databases(void); -void reload_databases(void); diff -uNr ffproxy-1.6-RC1/dbs.h ffproxy-RC2/dbs.h --- ffproxy-1.6-RC1/dbs.h 2002-07-25 14:24:10.000000000 +0200 +++ ffproxy-RC2/dbs.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,20 +0,0 @@ -#include - -extern regex_t *a_ip[]; -extern regex_t *a_host[]; -extern char *a_dyndns[]; -extern regex_t *f_host[]; -extern regex_t *f_url[]; -extern regex_t *f_hdr_drop[]; -extern regex_t *f_hdr_match[]; -extern char *f_hdr_entry[]; -extern char *f_hdr_add[]; -extern regex_t *f_rhdr_drop[]; -extern regex_t *f_rhdr_match[]; -extern char *f_rhdr_entry[]; -extern char *e_inv; -extern char *e_res; -extern char *e_con; -extern char *e_post; -extern char *e_fil; -extern char *e_nic; diff -uNr ffproxy-1.6-RC1/dns.c ffproxy-RC2/dns.c --- ffproxy-1.6-RC1/dns.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/dns.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,94 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: dns.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include -#include -#include - -#include -#include -#include - -#include "req.h" -#include "alloc.h" -#include "print.h" -#include "dns.h" - -static char *ip_to_a(in_addr_t); - -in_addr_t -resolve(const char *h) -{ - struct hostent *hp; - in_addr_t ip; - - if ((ip = inet_addr(h)) != INADDR_NONE) - return ip; - - if ((hp = gethostbyname(h)) == NULL) - return INADDR_NONE; - else { - (void) memcpy(&ip, hp->h_addr, hp->h_length); - return ip; - } -} - -static char * -ip_to_a(in_addr_t ip) -{ - char *p; - struct in_addr addr; - - addr.s_addr = ip; - p = inet_ntoa(addr); - - return p; -} - -char * -resolve_to_a(const char *h) -{ - char *p; - - p = ip_to_a(resolve(h)); - - return p; -} - -struct clinfo * -identify(const struct sockaddr * addr, socklen_t salen) -{ - struct clinfo *host; - - host = (struct clinfo *) my_alloc(sizeof(struct clinfo)); - (void) memset(host, 0, sizeof(struct clinfo)); - - if (getnameinfo(addr, salen, host->name, sizeof(host->name), NULL, 0, NI_NAMEREQD)) - *host->name = '\0'; - DEBUG(("identify() => getnameinfo() for Reverse Name returned (%s)", host->name)); - - if (getnameinfo(addr, 
salen, host->ip, sizeof(host->ip), NULL, 0, NI_NUMERICHOST)) - *host->ip = '\0'; - DEBUG(("identify() => getnameinfo() for IP Address returned (%s)", host->ip)); - - return host; -} diff -uNr ffproxy-1.6-RC1/dns.h ffproxy-RC2/dns.h --- ffproxy-1.6-RC1/dns.h 2003-08-09 00:44:47.000000000 +0200 +++ ffproxy-RC2/dns.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,11 +0,0 @@ -#include -#include -#include - -#ifndef INADDR_NONE -#define INADDR_NONE -1 -#endif - -in_addr_t resolve(const char *); -char *resolve_to_a(const char *); -struct clinfo *identify(const struct sockaddr *, socklen_t); diff -uNr ffproxy-1.6-RC1/ffproxy.8 ffproxy-RC2/ffproxy.8 --- ffproxy-1.6-RC1/ffproxy.8 2004-06-08 01:19:03.000000000 +0200 +++ ffproxy-RC2/ffproxy.8 1970-01-01 01:00:00.000000000 +0100 
@@ -1,361 +0,0 @@ -.\" $Id: ffproxy.8,v 1.8.2.2 2003/08/17 20:10:22 niklas Exp $ -.\" Copyright (c) 2002-2004 Niklas Olmes -.\" See COPYING for license (GNU GPL) -.\" http://faith.eu.org -.Dd June 8, 2004 -.Dt ffproxy 8 -.Sh NAME -.Nm ffproxy -.Nd filtering HTTP(S) proxy server -.Sh SYNOPSIS -.Nm ffproxy -.Op Fl p Ar port -.Op Fl c Ar ip|hostname -.Op Fl C Ar ip|hostname -.Op Fl l Ar childs -.Op Fl u Ar uid|user Fl g Ar gid|group -.Op Fl r Ar dir -.Op Fl D Ar datadir -.Op Fl x Ar proxyip|proxyhost Fl X Ar proxyport -.Op Fl a Ar ip|hostname -.Op Fl A Ar port -.Op Fl f Ar configfile -.Op Fl ds4bBhv -.Sh DESCRIPTION -.Nm ffproxy -is a filtering HTTP(S) proxy server. It is able to filter -by host, url, and header. Custom header entries can be filtered -and added. It can even drop its privileges and -.Xr chroot 2 -to some -directory. Logging to -.Xr syslogd 8 -is supported, as is using another auxiliary proxy server. -IPv6 is fully supported and allows IPv6 HTTP over IPv4 -tunneling (and vice versa). -.Pp -Remind that there is an alternative to command line options -by using configuration files. See -.Xr ffproxy.conf 5 -and -.Pa sample.config -for details. It allows options that are not available -on command line. -.Pp -The following command line options are recognized. They specify -general settings like IP to bind to or place of the db/ and html/ -directories. Note that arguments to options must be seperated -from the option by spaces, as are such options from each other. -.Pp -.Bl -tag -width "message" -.It Fl p Ar port -Bind to port. Default is 8080. -.It Fl c Ar ip|hostname -Bind to IPv4. Default is any IPv4. -.It Fl C Ar ip|hostname -Bind to IPv6. Default is any IPv6. -.It Fl l Ar childs -Maximum number of child processes to be forked. That is, the -maximum number of concurrent requests allowed. Default is 10. -.It Fl u Ar uid|user Fl g Ar gid|group -Change UID and GID. Both options must be used. Default is -not changing UID and GID. 
-.It Fl r Ar dir -Change root -.Xr chroot 7 -to dir. Used in conjunction with -u and -g. Because ffproxy -drops its privileges and chroots after reading the configuration files, --D should be set to . (the current dir). It might need -.Pa /etc/resolv.conf -copied as etc/resolv.conf in its working directory. Example: -``# cd /var/ffproxy ; /usr/local/bin/ffproxy -r /var/ffproxy -D . -d -u proxy -g proxy -f ""'' -.It Fl x Ar ip|hostname -Specify IP (or hostname) of an auxiliary proxy server that -the program will forward requests to. Used together with -X. -.It Fl X Ar port -Port number of auxiliary proxy. -.It Fl D Ar dir -Location of the db/ and html/ directories. For example, -specifying -D /var/ffproxy tells the proxy to search -for db/ files in -.Pa /var/ffproxy/db/ -and html/ files in -.Pa /var/ffproxy/html/ . -.It Fl a Ar ip|hostname -Auxiliary forward HTTP server to use (see section HTTP ACCELERATOR). -.It Fl A Ar port -Port to use for above. Defaults to 80. -.It Fl f Ar configfile -User configuration file to load. Please note that command -line options get overwritten by set configuration file options. -Default location is -.Pa /etc/ffproxy.conf . -Read -.Xr ffproxy.conf 5 -for details. Use -f "" to disable configuration files. -.It Fl d -Run as daemon. -.It Fl s -Be silent. Don't log to syslog. -.It Fl 4 -Use IPv4 only. Do not try contacting servers via IPv6. -.It Fl b -Don't bind to IPv4. Might be needed under Linux 2.4, due to a ``Feature'' -IPv6 binds to IPv4, too. Try using this option or bind to specific -IPv6 address via -C. -.It Fl B -Don't bind to IPv6. -.It Fl h -Show usage information. -.It Fl v -Display version number. -.El -.Sh THE DB/ DIRECTORY -The db/ directory contains files that control the behaviour -of ffproxy. The files for filtering are prefixed by `filter'. -Access to the proxy server is controlled by files with prefix -`host'. 
-.Ss Filtering -Requests or header entries to be filtered are matched by extended -regular expressions or case insensitive by strings. -.Pp -ffproxy is able to filter requests by host, header, remote header, and URL. -The specific files are -.Pp -.Bl -tag -width xxxx -compact -offset indent -.It Ar filter.host.match -.It Ar filter.header.drop -.It Ar filter.header.entry -.It Ar filter.header.match -.It Ar filter.rheader.drop -.It Ar filter.rheader.entry -.It Ar filter.rheader.match -.It Ar filter.url.match -.El -.Pp -Files ending in `drop' specify requests to be completely filtered (dropped). -Files ending in `entry' specify header entries to be removed from the header. -They are matched case insensitive without extended regular expressions. -Files ending in `match' specify extended regular expressions to be -matched against header entries, host, or URL. -.Pp -Adding custom header entries is also supported. The entries of file -.Pa filter.header.add -will be added to every outgoing request. -.Ss Access Control -Access to the proxy is controlled through the files prefixed `host'. -.Pp -.Pa host.dyndns -contains host names with dynamic -IPv4 addresses. The host names are resolved to IPv4 addresses and -compared to the client's IP. If it matches, access is granted. -.Pp -.Pa host.ip -contains static IPv4 and IPv6 address. -.Pp -.Pa host.name -contains official hostnames (reverse lookup). -.Pp -Except for -.Pa host.dyndns , -the files contain extended regular expressions. -If any of the entries matches, access is granted. -.Ss Layout of db/ Files -Every mentioned file above must exist, although it may be empty. -Every entry is exactly one line. Empty lines are ignored, as -are lines beginning with a # (comments). -.Pp -The location of the db/ directory may be specified by an -argument to the command line option -D. -If this option and configuration file option db_files_path are not used, -ffproxy will search for db/ and html/ in -.Pa /var/ffproxy . 
-.Pp -ffproxy comes with sample db/ files. They also contain -needed and suggested entries, as described next. -.Ss Suggested db/ file entries -The file -.Pa filter.header.entry -should contain following entries for the program's proper operation -.Bd -literal -offset indent -Accept-Encoding: -Accept: -Connection: -Proxy-Connection: -Host: -.Ed -.Pp -First two lines are needed for browsers that send out Accept*: Headers -but don't understand encoded data coming back from the proxy. -Host: has to be removed, since proxies require absolute URIs -(Host: is redundant). -.Pp -.Pa filter.header.add -should contain -.Bd -literal -offset indent -Connection: close -Proxy-Connection: close -.Ed -.Pp -We removed the two entries through -.Pa filter.header.entry -and now implant our own to force disconnection after each -request. -.Pp -.Pa filter.rheader.entry -should contain -.Bd -literal -offset indent -Connection: -Proxy-Connection: -.Ed -.Pp -Whatever the server answered, we remove it. -.Sh THE HTML/ DIRECTORY -This directory contains files with HTTP header -and HTML that are sent to -the user's browser if either an error occured or -a request was filtered. In the files, the variable -.Va $u -will be replaced by the URL, -.Va $h -by the host to connect to, and -.Va $c -by the hostname of the client. -.Pp -Since the files are loaded into memory for faster -execution, the size of each file is limited to -about 8 kB (what is more than enough, the default -files are under 1 kB). -.Pp -The specific files are (every file must exist) -.Pp -.Bl -tag -width xxxxxxxxxxx -compact -offset indent -.It Ar connect -Connection failed (503) -.It Ar filtered -Request filtered (200) -.It Ar invalid -Invalid request (400) -.It Ar post -Unable to post data (400) -.It Ar resolve -Resolve error (503) -.El -.Sh HTTP ACCELERATOR -ffproxy may also be used as a HTTP accelerator, that -is, connecting to just one HTTP server and beeing -a front-end to that. 
Use accel_host and accel_port -in configuration file or command line options -a and -A -to use this feature. -.Pp -Default behaviour is *not* sending Host: header to -allow insertion of a custom one via -.Pa filter.header.add -(see section THE DB/ DIRECTORY) -or keeping the original one used by connecting client -(`Host:' hast to be removed from default -.Pa filter.header.entry , -of course). To change this, use `accel_user_host no' -in the configuration file. ``Host: accel_host:accel_port'' -will be used then. -.Sh TRANSPARENT OPERATION -It is possible to redirect all HTTP traffic, that is, -traffic to port 80, to the proxy's listening port. It will -then transparently act as a HTTP proxy, the client not -even knowing it is connecting to a proxy. -.Pp -On OpenBSD one could enable this by -adding a line like -.Bd -literal -offset indent -rdr on rl0 proto tcp from any to any port 80 -> 127.0.0.1 port 8080 -.Ed -.Pp -to -.Pa /etc/pf.conf . -In this example, rl0 is the local interface. All traffic -coming from rl0 directed to port 80 (HTTP standard port) -is sent to 127.0.0.1:8080 where ffproxy is supposed -to be listening. -.Sh KEEP ALIVE -The program supports keep alive on client to proxy connections. -This is used automatically by default and may be disabled -by setting `use_keep_alive no' in the configuration file. -.Sh HTTPS OPERATION -The proxy allows HTTPS proxying via implementation of the -CONNECT request method. By default, only port 443 is -allowed for CONNECT. This may be changed by using -`unrestricted_connect yes' in the configuration file. -Timeout may also be tuned by `timeout_connect seconds'. -.Sh RELOADING CONFIGURATION -Send a SIGHUP to the pid of the ffproxy master process -to let it reload db/ files, html/ files, *and* configuration file. -If no configuration file was specified, -.Pa /etc/ffproxy.conf -is tried. Of course, only some changes to the program can be -done at runtime. 
See -.Xr ffproxy.conf 5 -for details on options that may be changed at runtime. -.Pp -If daemonized, the master process writes the pid file -.Pa ffproxy.pid -to the working directory, that is, the directory -specified by db_files_path or the command line parameter -D. -It defaults to -.Pa /var/ffproxy . -The program will terminate if writing fails. -.Sh LOGGING -By default, the proxy logs incorrect and filtered requests. -To log all requests, use the configuration file keyword -`log_all_requests yes'. Please make sure that you seperate -the programs log output from that of other programs by modifying -.Xr syslog.conf 5 , -since the output is very noisy. -.Sh FILES -Behaviour of ffproxy is determined by -.Bl -bullet -.It -startup options given either on the command line -or read from configuration files -- -.Pa /etc/ffproxy.conf -is loaded by default. -.It -the files in db/ which specify filtering options -and who is allowed to connect and use ffproxy -.El -.Pp -If daemonized, ffproxy writes the pid of its master -process to the file named -.Pa ffproxy.pid -in its working directory -- -.Pa /var/ffproxy -by default. -.Sh SEE ALSO -.Pa sample.config -for a sample configuration file -.Pp -.Pa /etc/ffproxy.conf -for default configuration file -.Pp -.Xr ffproxy.conf 5 -for details on config file -.Pp -.Xr ffproxy.quick 7 -for a short description of how to set up the proxy -.Pp -.Pa http://faith.eu.org/programs.html -for latest version and patches -.Pp -.Xr regex 7 , -.Xr re_format 7 , -.Xr syslogd 8 , -.Xr chroot 2 , -.Xr kill 1 -.Sh CONTRIBUTORS -Dobrica Pavlinusic -provided patches for http accelerator feature -.Sh VERSION -This manual documents ffproxy 1.6 (2004-06-08). -.Pp -Send bug reports, comments, suggestions to -.Sh AUTHOR -Niklas Olmes diff -uNr ffproxy-1.6-RC1/ffproxy.conf.5 ffproxy-RC2/ffproxy.conf.5 --- ffproxy-1.6-RC1/ffproxy.conf.5 2004-06-08 01:13:34.000000000 +0200 +++ ffproxy-RC2/ffproxy.conf.5 1970-01-01 01:00:00.000000000 +0100 
@@ -1,223 +0,0 @@ -.\" $Id: ffproxy.conf.5,v 1.9.2.1 2003/08/17 19:57:52 niklas Exp $ -.\" Copyright (c) 2002-2004 Niklas Olmes -.\" See COPYING for license (GNU GPL) -.\" http://faith.eu.org -.Dd June 8, 2004 -.Dt ffproxy.conf 5 -.Sh NAME -.Nm ffproxy.conf -.Nd filtering HTTP(S) proxy server configuration file -.Sh DESCRIPTION -.Nm ffproxy -is a filtering HTTP(S) proxy server. It is able to filter -by host, url, and header. Custom header entries can be filtered -and added. It can even drop its privileges and -.Xr chroot 2 -to some -directory. Logging to -.Xr syslogd 8 -is supported, as is using another auxiliary proxy server. -IPv6 is fully supported and allows IPv6 HTTP over IPv4 -tunneling (and vice versa). -.Pp -This manual describes how to use configuration files with the program -and documents the options. -.Sh USING CONFIGURATION FILES -.Ss Default ffproxy.conf -If the command line parameters -f or -F are not used, the proxy -tries to open -.Pa /etc/ffproxy.conf . -If this file does not exist, the program continues execution. -.Ss User Configuration File -Use command line parameter -f to load a non-default configuration -file. You will notice the warning at the program's startup. This -is due to the programs implementation that allows to reload -all configuration files. To disable the warning, use -F instead. -.Ss Deactivating -To use command line options only, use -f "". -.Ss Reloading Configuration -To let the proxy reload its configuration files, that is, besides -the configuration file specified, the contents of db/ and html/, -send the signal HUP to the program's master process. If -ffproxy runs daemonized, the PID can be found in -.Pa db_files_path/ffproxy.conf . -Otherwise look into your system's syslog log files or process table. 
-.Pp -Options that can be successfully altered at runtime are -.Bd -literal -offset indent -child_processes -use_ipv6 -use_syslog -log_all_requests -forward_proxy -forward_proxy_port -forward_proxy_ipv6 -accel_host -accel_port -accel_user_host -use_keep_alive -unrestricted_connect -timeout_connect -backlog_size -.Ed -.Pp -Set `accel_port 0' or `forward_proxy_port 0' to explicitly disable -acceleration or auxiliary proxy. Commenting out options is not -sufficient, since configuration options may only overwritten. -.Pp -Changes to other options not mentioned above get silently ignored. -.Sh CONFIGURATION OPTIONS -.Bd -literal -# -# lines starting with '#' are comments -# - -# run as daemon? -# (default: no) -#daemonize yes -#daemonize no - -# number of child processes, -# that is, the maximum number of concurrent requests -# (default: 10) -#child_processes 10 - -# ffproxy binds to any IPv4 address -# and any IPv6 address by default -# -# bind to IPv4? (default: yes) -#bind_ipv4 no -#bind_ipv4 yes -# bind to IPv6? (default: yes) -#bind_ipv6 no -#bind_ipv6 yes -# -# Hostname or IP to bind to -# (default is any IP) -# -#bind_ipv4_host 192.168.10.1 -#bind_ipv4_host martyr.burden.eu.org -#bind_ipv6_host ::1 -#bind_ipv6_host oz.burden.eu.org - -# listen on port -# (default: 8080) -#port 1111 -#port 8080 - -# use IPv6 when contacting servers? -# (default: yes) -#use_ipv6 no -#use_ipv6 yes - -# use syslog? -# (default: yes) -#use_syslog no -#use_syslog yes - -# log all requests? 
-# (default: no) -# to use, set also use_syslog to yes -#log_all_requests yes -#log_all_requests no - -# change UID and GID -# -# to use, both uid and gid must be set -# (disabled by default) -#uid proxy -#gid proxy -#uid 37 -#gid 38 - -# change root to (only in connection with uid and gid change) -# /etc/resolv.conf might need to be copied -# to chroot_dir/etc/resolv.conf -# (disabled by default) -#chroot_dir /var/ffproxy - -# forward to proxy (auxiliary proxy) -# (set `forward_proxy_port 0' to explicitly disable feature -# (i.e, when reloading configuration file via SIGHUP)) -# (disabled by default) -#forward_proxy blackness.burden.eu.org -#forward_proxy 192.168.10.5 -#forward_proxy ::1 -#forward_proxy_port 8082 -#forward_proxy_port 0 - -# try IPv6 for auxiliary proxy? -# use_ipv6 must be set to yes, too -# (default: yes) -#forward_proxy_ipv6 no -#forward_proxy_ipv6 yes - -# path to db/ and html/ directories -# (default: /var/ffproxy) -# (Note: if ffproxy runs chrooted, -# give a path name relative to new root, or, -# if db_files_path is the same as root, use db_files_path ./ -# You have to start ffproxy in the new root directory, -# otherwise it won't find the database files. -# Please keep in mind that ffproxy's config file has to -# be within chroot directory, otherwise it will not find -# its config file on reload) -#db_files_path ./ -#db_files_path /var/ffproxy - -# http accelerator -# (disabled by default) -# -# if you want to use ffproxy as http accelerator (that is, connecting -# to just one http server and beeing used as front-end to that, e.g. -# in DMZ) uncomments options below (port is optional, defaults to 80) -# (set `accel_port 0' to explicitly disable feature -# (i.e, when reloading configuration file via SIGHUP)) -#accel_host 10.254.1.2 -#accel_host revelation.martyr.eu.org -#accel_port 80 -#accel_port 0 -# -# Omit Host: accel_host:accel_port in Header -# to provide own Host: header via db/filter.header.add? 
-# (default: yes) -#accel_user_host no -#accel_user_host yes - -# keep alive on client to proxy connections -# (enabled by default) -#use_keep_alive no -#use_keep_alive yes - -# allow CONNECT request to other than port 443 (HTTPS) -# (CONNECT enables HTTPS proxying) -# (disabled by default for security) -#unrestricted_connect yes -#unrestricted_connect no - -# timeout for CONNECT requests in seconds -# (default: 5) -#timeout_connect 20 -#timeout_connect 5 - -# backlog size for accept() -# (default: 4) -#backlog_size 16 -#backlog_size 4 -.Ed -.Sh VERSION -This manual documents ffproxy 1.6 (2004-06-08). -.Sh FILES -.Pa /etc/ffproxy.conf -default configuration file -.Pp -.Pa sample.config -sample configuration file -.Sh SEE ALSO -.Xr ffproxy 8 , -.Xr ffproxy.quick 7 , -.Xr regex 7 , -.Xr re_format 7 , -.Xr syslogd 8 , -.Xr chroot 2 , -.Xr kill 1 diff -uNr ffproxy-1.6-RC1/ffproxy.quick.7 ffproxy-RC2/ffproxy.quick.7 --- ffproxy-1.6-RC1/ffproxy.quick.7 2004-06-08 01:13:19.000000000 +0200 +++ ffproxy-RC2/ffproxy.quick.7 1970-01-01 01:00:00.000000000 +0100 
@@ -1,145 +0,0 @@ -.\" $Id: ffproxy.quick.7,v 1.5.2.1 2003/08/17 19:57:52 niklas Exp $ -.\" Copyright (c) 2002-2004 Niklas Olmes -.\" See COPYING for license (GNU GPL) -.\" http://faith.eu.org -.Dd June 8, 2004 -.Dt ffproxy.quick 7 -.Sh NAME -.Nm ffproxy.quick -.Nd filtering HTTP(S) proxy server quick introduction -.Sh DESCRIPTION -.Nm ffproxy -is a filtering HTTP(S) proxy server. It is able to filter -by host, url, and header. Custom header entries can be filtered -and added. It can even drop its privileges and -.Xr chroot 2 -to some -directory. Logging to -.Xr syslogd 8 -is supported, as is using another auxiliary proxy server. -IPv6 is fully supported and allows IPv6 HTTP over IPv4 -tunneling (and vice versa). -.Pp -This manual describes how to set up a basic HTTP proxy installation. -It is assumed that you already have compiled the program or -installed it via port or package. -.Sh COPYING FILES -The program comes with default configuration files that contain -both examples and suggested entries. You can simply copy them to -a directory of your choice. This directory will become the program's -working directory. -.Bd -literal -offset indent -mkdir /var/ffproxy -tar cf - db/ html/ | ( cd /var/ffproxy ; tar xf - ) -cp sample.config /var/ffproxy/ffproxy.conf -.Ed -.Pp -Above example would install all needed files to -.Pa /var/ffproxy , -which is ffproxy's default working directory. -.Sh SECURING -The proxy now has its own working directory. By default, -ffproxy does not change UID/GID after start. For security -reasons we want to enable it. You have two choices know: -Either use existing UID/GID or add custom UID/GID for ffproxy. -See -.Xr adduser 8 -or -.Xr useradd 8 , -depending on your system, on how to create new IDs. 
-.Pp -Edit -.Pa ffproxy.conf -and change the lines containing uid and gid -.Bd -literal -offset indent -# change UID and GID -# -# to use, both uid and gid must be set -# (disabled by default) -#uid proxy -#gid proxy -uid _ffproxy -gid _ffproxy -.Ed -.Pp -In addition to changing UID and GID, ffproxy should be -executed change-rooted to its working directory. So we -change chroot_dir and db_files_path in the configuration file -.Bd -literal -offset indent -# change root to (only in connection with uid and gid change) -# (disabled by default) -chroot_dir /var/ffproxy - -# path to db/ and html/ directories -# (default: /var/ffproxy) -db_files_path . -.Ed -.Pp -db_files_path must be changed, too, since that is relative -to new root. Finally, we copy /etc/resolv.conf to ffproxy's -home to enable DNS in chroot and chown /var/ffproxy so -the proxy's master process can write its PID file -.Bd -literal -offset indent -mkdir /var/ffproxy/etc -cp /etc/resolv.conf /var/ffproxy/etc/ -chmod 750 /var/ffproxy -chown _ffproxy._ffproxy /var/ffproxy -.Ed -.Sh ACCESS TO THE PROXY -By default, nobody is allowed to connect to ffproxy. -Let's say, we want to provide LAN users a filtering proxy -to shut down malicous content coming from the Internet. -So the proxy has to be listening on the local network -interface only. We change bind_ipv4 and bind_ipv6 -appropiately in -.Pa ffproxy.conf -.Bd -literal -offset indent -bind_ipv4 martyr.burden.eu.org -bind_ipv6 martyr.burden.eu.org -.Ed -.Pp -Additionally, we have to change -.Pa db/access.ip . -By, for example, -.Bd -literal -offset indent -^192\\.168\\.10\\. -.Ed -.Pp -we allow 192.168.10.0/24 to use our proxy. -.Sh STARTING THE PROXY -Last step is starting ffproxy. Keep in mind that -we run the program change-rooted to /var/ffproxy, -so files are relative to new root. -.Bd -literal -offset indent -cd /var/ffproxy ; /usr/local/bin/ffproxy -f ffproxy.conf -.Ed -.Pp -starts ffproxy. Now test if it works correctly. 
-If not, change ffproxy.conf and/or read -.Xr ffproxy 8 -.Xr ffproxy.conf 5 -.Pp -ffproxy is not running as daemon right know. If everything -seems to work, simply shut down the proxy by pressing -CTRL-C, set `daemonize yes' in the configuration file and -start ffproxy again. -.Sh TRANSPARENT OPERATION -The proxy allows transparent operation, that is, HTTP -traffic is redirect to the proxy which simulates a HTTP -server so that the users don't have to specify a -proxy server. Consider forced usage of a proxy server as well. -To do that, you will have to configure your NAT accordingly. -On OpenBSD you'll want a line like -.Bd -literal -offset indent -rdr on rl0 proto tcp from any to any port 80 -> 127.0.0.1 port 8080 -.Ed -.Pp -in -.Pa /etc/pf.conf . -See your NAT's documentation for details on how to do this. -.Sh VERSION -This manual documents ffproxy 1.6 (2004-06-08). -.Sh SEE ALSO -.Xr ffproxy 8 , -.Xr ffproxy.conf 5 , -.Xr pf.conf 5 diff -uNr ffproxy-1.6-RC1/file.c ffproxy-RC2/file.c --- ffproxy-1.6-RC1/file.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/file.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,48 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: file.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include - -#include "print.h" -#include "file.h" - -int -my_open(const char *path) -{ - int f; - - if ((f = open(path, O_RDONLY, 0)) < 0) - fatal("unable to open file %s", path); - - return f; -} - -FILE * -my_fopen(const char *path) -{ - FILE *fp; - - if ((fp = fopen(path, "r")) == NULL) - fatal("unable to open file %s", path); - - return fp; -} diff -uNr ffproxy-1.6-RC1/file.h ffproxy-RC2/file.h --- ffproxy-1.6-RC1/file.h 2002-07-25 14:24:10.000000000 +0200 +++ ffproxy-RC2/file.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -int my_open(const char *path); -FILE *my_fopen(const char *path); diff -uNr ffproxy-1.6-RC1/filter.c ffproxy-RC2/filter.c --- ffproxy-1.6-RC1/filter.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/filter.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,201 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: filter.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include -#include - -#include "req.h" -#include "dbs.h" -#include "print.h" -#include "alloc.h" -#include "http.h" -#include "regex.h" -#include "filter.h" - -static void rotate(int, char *[]); - -extern char loop_header[]; - -int -filter_request(struct req * r) -{ - size_t i; - int j; - - i = 0; - while (f_host[i] != NULL) - if (do_regex(r->host, f_host[i++]) == 0) - return 1; - - i = 0; - while (f_url[i] != NULL) - if (do_regex(r->url, f_url[i++]) == 0) - return 1; - - i = 0; -start_over: - while (r->header[i] != NULL && i < sizeof(r->header) - 2) { - DEBUG(("filter_request() => header entry %d (%s)", i, r->header[i])); - - if (strncasecmp(r->header[i], loop_header, strlen(loop_header)) == 0) { - DEBUG(("filter_request() => LOOP DETECTED")); - r->loop = 1; - return -1; - } - if (http_parse(r, r->header[i]) == 0) - goto skip; - - j = 0; - while (f_hdr_drop[j] != NULL) - if (do_regex(r->header[i], f_hdr_drop[j++]) == 0) - return 1; - - j = 0; - while (f_hdr_entry[j] != NULL) { - if (strncasecmp(r->header[i], f_hdr_entry[j], strlen(f_hdr_entry[j])) == 0) { - rotate(i, r->header); - goto start_over; - } - 
j++; - } - - j = 0; - while (f_hdr_match[j] != NULL) { - if (do_regex(r->header[i], f_hdr_match[j]) == 0) { - rotate(i, r->header); - goto start_over; - } - j++; - } - -skip: - i++; - } - - if (r->header[i] != NULL) - free(r->header[i]); - - r->header[i] = (char *) my_alloc(strlen(loop_header) + 1); - (void) strcpy(r->header[i], loop_header); - - DEBUG(("filter_request() => added loop header[%d] (%s)", i, r->header[i])); - - i++; - j = 0; - while (f_hdr_add[j] != NULL && i < sizeof(r->header) - 1) { - r->header[i] = (char *) my_alloc(strlen(f_hdr_add[j]) + 1); - (void) strcpy(r->header[i], f_hdr_add[j]); - - DEBUG(("filter_request() => added header[%d] (%s)", i, r->header[i])); - i++, j++; - } - r->header[i] = NULL; - - DEBUG(("filter_request() => done, request ok")); - - return 0; -} - -static const char http_pkalive[] = "Proxy-Connection: keep-alive"; -static const char http_kalive[] = "Connection: keep-alive"; - -int -filter_remote(struct req * r) -{ - size_t i; - int j; - - i = 0; -start_over: - while (r->header[i] != NULL) { - DEBUG(("filter_remote() => remote header entry %d (%s)", i, r->header[i])); - - if (strncasecmp(r->header[i], loop_header, strlen(loop_header)) == 0) { - DEBUG(("filter_request() => LOOP DETECTED")); - r->loop = 1; - return -1; - } - if (http_parse(r, r->header[i]) == 0) - goto skip; - - j = 0; - while (f_rhdr_drop[j] != NULL) - if (do_regex(r->header[i], f_rhdr_drop[j++]) == 0) - return 1; - - j = 0; - while (f_rhdr_entry[j] != NULL) { - if (strncasecmp(r->header[i], f_rhdr_entry[j], strlen(f_rhdr_entry[j])) == 0) { - rotate(i, r->header); - goto start_over; - } - j++; - } - - j = 0; - while (f_rhdr_match[j] != NULL) { - if (do_regex(r->header[i], f_rhdr_match[j]) == 0) { - rotate(i, r->header); - goto start_over; - } - j++; - } -skip: - i++; - - } - if(r->kalive && i - 2 < sizeof(r->header)) { - r->header[i] = (char *) my_alloc(strlen(http_pkalive) + 1); - (void) strcpy(r->header[i], http_pkalive); - r->header[++i] = (char *) 
my_alloc(strlen(http_kalive) + 1); - (void) strcpy(r->header[i], http_kalive); - r->header[++i] = NULL; - } else if(r->kalive) { - r->kalive = 0; - } - - DEBUG(("filter_remote() => done, request ok")); - - return 0; -} - - -static void -rotate(int i, char *a[]) -{ - if (a[i] == NULL) { - DEBUG(("rotate() => entry to rotate, %d, is NULL", i)); - } else { - DEBUG(("rotate() => freeing a[%d] == (%s)", i, a[i])); - free(a[i]); - a[i] = a[i + 1]; - if (a[i + 1] != NULL) { - i++; - while (a[i] != NULL) { - a[i] = a[i + 1]; - i++; - } - } - } - - DEBUG(("rotate() => done")); -} diff -uNr ffproxy-1.6-RC1/filter.h ffproxy-RC2/filter.h --- ffproxy-1.6-RC1/filter.h 2002-07-25 14:24:10.000000000 +0200 +++ ffproxy-RC2/filter.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -int filter_request(struct req *); -int filter_remote(struct req *); diff -uNr ffproxy-1.6-RC1/html/connect ffproxy-RC2/html/connect --- ffproxy-1.6-RC1/html/connect 2003-08-07 21:52:45.000000000 +0200 +++ ffproxy-RC2/html/connect 1970-01-01 01:00:00.000000000 +0100 @@ -1,14 +0,0 @@ -HTTP/1.1 503 ERROR -Connection: close -Content-Type: text/html; charset=iso-8859-1 - - - -Error: Unable to connect to server - - -

Error

-

-Unable to connect to server $h - - diff -uNr ffproxy-1.6-RC1/html/filtered ffproxy-RC2/html/filtered --- ffproxy-1.6-RC1/html/filtered 2003-08-07 21:52:46.000000000 +0200 +++ ffproxy-RC2/html/filtered 1970-01-01 01:00:00.000000000 +0100 @@ -1,16 +0,0 @@ -HTTP/1.1 200 OK (filtered) -Connection: close -Content-Type: text/html; charset=iso-8859-1 - - - -Filtered URL - - -

Filtered URL

-

-Your request was filtered -

-URL: $u on host $h - - diff -uNr ffproxy-1.6-RC1/html/invalid ffproxy-RC2/html/invalid --- ffproxy-1.6-RC1/html/invalid 2003-08-07 21:52:48.000000000 +0200 +++ ffproxy-RC2/html/invalid 1970-01-01 01:00:00.000000000 +0100 @@ -1,14 +0,0 @@ -HTTP/1.1 400 ERROR -Connection: close -Content-Type: text/html; charset=iso-8859-1 - - - -Error: Invalid request - - -

Error

-

-Your browser sent an invalid request - - diff -uNr ffproxy-1.6-RC1/html/post ffproxy-RC2/html/post --- ffproxy-1.6-RC1/html/post 2003-08-07 21:52:49.000000000 +0200 +++ ffproxy-RC2/html/post 1970-01-01 01:00:00.000000000 +0100 @@ -1,16 +0,0 @@ -HTTP/1.1 400 ERROR -Connection: close -Content-Type: text/html; charset=iso-8859-1 - - - -Error: Unable to post data - - -

Error

-

-Your request to post data to $h failed, unable to post data -

-URL: $u - - diff -uNr ffproxy-1.6-RC1/html/resolve ffproxy-RC2/html/resolve --- ffproxy-1.6-RC1/html/resolve 2003-08-07 21:52:51.000000000 +0200 +++ ffproxy-RC2/html/resolve 1970-01-01 01:00:00.000000000 +0100 @@ -1,14 +0,0 @@ -HTTP/1.1 503 ERROR -Connection: close -Content-Type: text/html; charset=iso-8859-1 - - - -Error: Unable to resolve IP - - -

Error

-

-Unable to resolve IP for host $h - - diff -uNr ffproxy-1.6-RC1/http.c ffproxy-RC2/http.c --- ffproxy-1.6-RC1/http.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/http.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,315 +0,0 @@ -/* - * ffproxy (c) 2002-2004 Niklas Olmes - * http://faith.eu.org - * - * $Id: http.c,v 2.0 2004/06/08 08:07:06 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include -#include - -#include "req.h" -#include "print.h" -#include "cfg.h" -#include "http.h" - -#define my_isblank(c) ((c) == ' ' || (c) == '\t') - -static const char http_get[] = "GET "; -static const char http_post[] = "POST "; -static const char http_head[] = "HEAD "; -static const char http_connect[] = "CONNECT "; -static const char http[] = "http://"; -static const char httpv[] = "HTTP/"; - -int -http_url(struct req * r, const char *s) -{ - extern struct cfg config; - size_t i, k; - char *p; - - if (strncmp(http_get, s, strlen(http_get)) == 0) { - r->type = GET; - s += strlen(http_get); - } else if (strncmp(http_post, s, strlen(http_post)) == 0) { - r->type = POST; - s += strlen(http_post); - } else if (strncmp(http_head, s, strlen(http_head)) == 0) { - r->type = HEAD; - s += strlen(http_head); - } else if (strncmp(http_connect, s, strlen(http_connect)) == 0) { - r->type = CONNECT; - s += strlen(http_connect); - } else { - r->type = UNKNOWN; - return -1; - } - - while (*s == ' ') - s++; - - DEBUG(("http_url() => got url part (%s)", s)); - - i = 0; - if (config.accel) { - r->relative = 0; - 
DEBUG(("http_url() => using as accelerator proxy")); - DEBUG(("http_url() => accelhost (%s) port %d", config.accelhost, config.accelport)); - i = snprintf(r->url, sizeof(r->url), "%s%s:%d", http, config.accelhost, config.accelport); - if (i < 1) - fatal_n("http_url() => accelhost is too long, can't create r->url"); - DEBUG(("http_url() => created url (%s) length (%d)", r->url, i)); - } else if (strncmp(s, http, strlen(http)) != 0) { - r->relative = 1; - } else { - r->relative = 0; - - while (i < strlen(http)) { - r->url[i] = http[i]; - i++, s++; - } - - while (i < sizeof(r->url) - 1 && *s != '_' - && (isalnum(*s) || *s == '-' || *s == '.' || *s == ':')) - r->url[i++] = tolower(*(s++)); - r->url[i] = '\0'; - if (*s != '/' && *s != ' ') { - r->type = UNKNOWN; - return -1; - } - } - - if (config.accel && strncmp(s, http, strlen(http)) == 0) { - r->url[i++] = '\0'; - s += strlen(http); - while (*s != ' ' && *s != '/' && *s != '\0' && isprint(*s)) - s++; - } - k = 0; - while (i < sizeof(r->url) - 1 && k < sizeof(r->urlpath) - 1 && *s != ' ' && *s != '\0' && isprint(*s)) { - r->urlpath[k++] = *s; - r->url[i++] = *(s++); - } - if (k == 0) - r->urlpath[k++] = '/'; - r->urlpath[k] = '\0'; - r->url[i] = '\0'; - if (*s != ' ') { - r->type = UNKNOWN; - return -1; - } - - if (r->type == CONNECT) - *r->url = '\0'; - - DEBUG(("http_url() => extracted urlpath (%s)", r->urlpath)); - DEBUG(("http_url() => extracted url (%s)", r->url)); - - while (*s == ' ') - s++; - - DEBUG(("http_url() => got version part (%s)", s)); - - if (strncasecmp(s, httpv, strlen(httpv)) != 0) - return -1; - s += strlen(httpv); - r->vmajor = 0; - r->vminor = 0; - i = 0; - while (i < 2 && *s != '\0' && isdigit(*s)) { - r->vmajor = r->vmajor * 10 + (*(s++) - '0'); - i++; - } - if (*s == '.') { - s++; - while (i < 4 && *s != '\0' && isdigit(*s)) { - r->vminor = r->vminor * 10 + (*(s++) - '0'); - i++; - } - } - DEBUG(("http_url() => got type %d url (%s) version maj %d min %d", - r->type, r->url, r->vmajor, 
r->vminor)); - - p = r->url; - p += strlen(http); - - if(r->relative || r->type == CONNECT) - return 0; - - i = 0; - while ((isalnum(*p) || *p == '-' || *p == '.') && i < sizeof(r->host) - 1) - r->host[i++] = tolower(*(p++)); - r->host[i] = '\0'; - - if (i >= sizeof(r->host) - 1) { - DEBUG(("http_url() => host: too long (%s)", r->host)); - *r->host = '\0'; - r->port = 0; - return -1; - } - if (*p == ':') { - p++; - r->port = 0; - while (isdigit(*p)) { - r->port = r->port * 10 + (*(p++) - '0'); - if (r->port >= 65534) { - DEBUG(("http_url() => port: bad port number")); - r->port = 0; - return -1; - } - } - if (*p != '\0' && *p != ' ' && *p != '/') { - DEBUG(("http_url() => port: bad port")); - r->port = 0; - return -1; - } - DEBUG(("http_url() => port: %d", r->port)); - } else { - DEBUG(("http_url() => default port 80")); - r->port = 80; - } - - return 0; -} - -static const char h_host[] = "Host: "; - -int -http_rel(struct req * r, const char *s) -{ - size_t i; - - i = 0; - if (r->relative && strncmp(s, h_host, strlen(h_host)) == 0) { - r->relative = 0; - - s += strlen(h_host); - while (*s == ' ') - s++; - while ((isalnum(*s) || *s == '-' || *s == '.') && i < sizeof(r->host) - 1) - r->host[i++] = tolower(*(s++)); - r->host[i] = '\0'; - if (i >= sizeof(r->host) || (*s != ':' && *s != '\0')) { - DEBUG(("http_rel() => invalid host header (%s)", r->host)); - r->host[0] = '\0'; - return 1; - } - DEBUG(("http_rel() => extracted host (%s)", r->host)); - if (*s == ':') { - i = 0; - r->port = 0; - s++; - while (isdigit(*s) && i++ < 6) - r->port = r->port * 10 + *(s++) - '0'; - if (i > 5 && i == 0) { - DEBUG(("http_rel() => bad port number")); - r->port = 0; - return 1; - } - DEBUG(("http_rel() => extracted port %d", r->port)); - } else { - if (r->type == CONNECT) - r->port = 443; - else - r->port = 80; - } - if (strlen(r->url) + strlen(http) + strlen(r->host) + 7 >= sizeof(r->url)) { - DEBUG(("http_rel() => URL will get too long")); - return 1; - } else { - char 
o_url[sizeof(r->url)]; - (void) strncpy(o_url, r->url, sizeof(o_url) - 1); - o_url[sizeof(o_url) - 1] = '\0'; - if (r->port == 80) - (void) snprintf(r->url, sizeof(r->url), "http://%s%s", r->host, o_url); - else - (void) snprintf(r->url, sizeof(r->url), "http://%s:%d%s", r->host, r->port, o_url); - DEBUG(("http_rel() => extracted URL (%s)", r->url)); - } - } - - return 0; -} - -static const char http_clen[] = "Content-Length: "; -static const char http_pkalive[] = "Proxy-Connection: keep-alive"; -static const char http_kalive[] = "Connection: keep-alive"; -#ifdef TSTAMP -static const char http_tstamp[] = "Last-Modified: "; -#endif - -int -http_parse(struct req * r, const char *s) -{ - size_t i; - - if (strncasecmp(http_clen, s, strlen(http_clen)) == 0) { - DEBUG(("http_parse() => found clen header (%s)", s)); - - s += strlen(http_clen); - - while (my_isblank(*s)) - s++; - - if (!isdigit(*s)) { - DEBUG(("http_parse() => clen: no digit found (%s)", s)); - return -1; - } - r->clen = 0L; - i = 0; - while (i < 10 && isdigit(*s)) - r->clen = r->clen * 10L + (long) (*(s++) - '0'); - - if (*s != '\0') { - r->clen = 0L; - DEBUG(("http_parse() => clen: too long")); - return -1; - } - DEBUG(("http_parse() => clen: %ld bytes", r->clen)); - return 0; -#ifdef TSTAMP - } else if (strncasecmp(http_tstamp, s, strlen(http_tstamp)) == 0) { - DEBUG(("http_parse() => found tstamp header (%s)", s)); - - s += strlen(http_tstamp); - - while (my_isblank(*s)) - s++; - - i = 0; - while (i < sizeof(r->tstamp) - 1 && *s != '\0') - r->tstamp[i++] = *(s++); - r->tstamp[i] = '\0'; - - if (*s != '\0') { - r->tstamp[0] = '\0'; - DEBUG(("http_parse()_ => tstamp: too long")); - return -1; - } - DEBUG(("http_parse() => tstamp: extracted (%s)", r->tstamp)); - return 0; -#endif - } else if (strncasecmp(http_pkalive, s, strlen(http_pkalive)) == 0 - || strncasecmp(http_kalive, s, strlen(http_kalive)) == 0) { - DEBUG(("http_parse() => keep alive header found")); - r->kalive = 1; - return 1; - } - return 1; 
-} diff -uNr ffproxy-1.6-RC1/http.h ffproxy-RC2/http.h --- ffproxy-1.6-RC1/http.h 2003-08-17 05:13:29.000000000 +0200 +++ ffproxy-RC2/http.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ -int http_url(struct req *, const char *); -int http_rel(struct req *, const char *); -int http_parse(struct req *, const char *); diff -uNr ffproxy-1.6-RC1/main.c ffproxy-RC2/main.c --- ffproxy-1.6-RC1/main.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/main.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,336 +0,0 @@ -/* - * ffproxy (c) 2002-2004 Niklas Olmes - * http://faith.eu.org - * - * $Id: main.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "cfg.h" -#include "print.h" -#include "socket.h" -#include "db.h" -#include "dns.h" -#include "signals.h" - -#if defined(NEED_DAEMON) || defined(__sun__) -#include -#include -#include - -static int daemon(int, int); -int -daemon(int nochdir, int noclose) -{ - int f; - f = open("/dev/null", O_RDWR); - (void) dup2(STDIN_FILENO, f); - (void) dup2(STDERR_FILENO, f); - (void) dup2(STDOUT_FILENO, f); - if (fork()) - _exit(0); - return 0; -} -#endif - -static void usage(void); -static void drop_privileges(void); - -static const char version[] = "1.6-RC1"; -static const char rcsid[] = "$Id: main.c,v 2.0 2004/06/08 06:39:51 niklas Exp $"; -char loop_header[100]; - -struct cfg config; - -int -main(int argc, char *argv[]) -{ - int c, nowarn; - char *prgname; - - prgname = argv[0]; - nowarn = 0; - - (void) memset(&config, 0, sizeof(config)); - *config.ipv4 = '\0'; - *config.ipv6 = '\0'; - config.port = 0; - config.daemon = 0; - config.childs = 10; - config.ccount = 0; - config.backlog = 4; - config.uid = 0L; - config.gid = 0L; - 
*config.chroot = '\0'; - (void) strncpy(config.dbdir, DATADIR, sizeof(config.dbdir) - 1); - config.dbdir[sizeof(config.dbdir) - 1] = '\0'; - (void) strncpy(config.file, CFGFILE, sizeof(config.file) - 1); - config.file[sizeof(config.file) - 1] = '\0'; - *config.proxyhost = '\0'; - config.proxyport = 0; - config.syslog = 1; - config.logrequests = 0; - config.use_ipv6 = 1; - config.aux_proxy_ipv6 = 1; - config.bind_ipv6 = 1; - config.bind_ipv4 = 1; - config.accel = 0; - config.accelusrhost = 1; - *config.accelhost = '\0'; - config.accelport = 80; - config.kalive = 1; - config.unr_con = 0; - config.to_con = 5; - config.first = 1; - - while ((c = getopt(argc, argv, "vdbBc:C:p:x:X:l:u:g:r:D:F:f:s4a:A:h")) != -1) { - switch (c) { - case 'v': - (void) printf("ffproxy version %s, %s\n", - version, rcsid); - exit(0); - break; - case 'd': - config.daemon = 1; - break; - case 'b': - config.bind_ipv4 = 0; - break; - case 'B': - config.bind_ipv6 = 0; - break; - case 'c': - (void) strncpy(config.ipv4, optarg, sizeof(config.ipv4) - 1); - config.ipv4[sizeof(config.ipv4) - 1] = '\0'; - break; - case 'C': - (void) strncpy(config.ipv6, optarg, sizeof(config.ipv6) - 1); - config.ipv6[sizeof(config.ipv6) - 1] = '\0'; - break; - case 'p': - config.port = atoi(optarg); - if (config.port > MAX_PORTS || !config.port) { - (void) fprintf(stderr, "Invalid port number (-p %s)\n", optarg); - exit(1); - } - break; - case 'x': - if (strlen(optarg) > sizeof(config.proxyhost) - 1 ) { - (void) fprintf(stderr, "Proxy host name too long\n"); - exit(1); - } - (void) strncpy(config.proxyhost, optarg, sizeof(config.proxyhost) - 1); - config.proxyhost[sizeof(config.proxyhost) - 1] = '\0'; - break; - case 'X': - config.proxyport = atoi(optarg); - if (config.proxyport > MAX_PORTS || !config.proxyport) { - (void) fprintf(stderr, "Invalid port number (-X %s)\n", optarg); - exit(1); - } - break; - case 'l': - config.childs = atoi(optarg); - if (!config.childs || config.childs > MAX_CHILDS) { - (void) 
fprintf(stderr, "Invalid limit of child processes (-l %s)\n", optarg); - exit(1); - } - break; - case 'u': - if (!(config.uid = atoi(optarg))) { - struct passwd *pwd; - if ((pwd = getpwnam(optarg))) - config.uid = (unsigned long) pwd->pw_uid; - else { - (void) fprintf(stderr, "UID %s not found\n", optarg); - exit(1); - } - } - break; - case 'g': - if (!(config.gid = atoi(optarg))) { - struct group *grp; - if ((grp = getgrnam(optarg))) - config.gid = (unsigned long) grp->gr_gid; - else { - (void) fprintf(stderr, "GID %s not found\n", optarg); - exit(1); - } - } - break; - case 'r': - if (strlen(optarg) > sizeof(config.chroot) - 1 ) { - (void) fprintf(stderr, "chroot directory too long\n"); - exit(1); - } - (void) strncpy(config.chroot, optarg, sizeof(config.chroot) - 1); - config.chroot[sizeof(config.chroot) - 1] = '\0'; - break; - case 'D': - if (strlen(optarg) > sizeof(config.dbdir) - 1 ) { - (void) fprintf(stderr, "dbdir directory too long\n"); - exit(1); - } - (void) strncpy(config.dbdir, optarg, sizeof(config.dbdir) - 1); - config.dbdir[sizeof(config.dbdir) - 1] = '\0'; - break; - case 'F': - nowarn = 1; - case 'f': - if (strlen(optarg) > sizeof(config.file) - 1 ) { - (void) fprintf(stderr, "config file name too long\n"); - exit(1); - } - (void) strncpy(config.file, optarg, sizeof(config.file) - 1); - config.file[sizeof(config.file) - 1] = '\0'; - if (*config.file && !nowarn && strcmp(config.file, "/dev/null") != 0) - (void) fprintf(stdout, "Using config file (%s).\nPlease note that due to design, config file overwrites command line options.\nUse -F instead of -f to omit this warning message.\n", config.file); - break; - case 's': - config.syslog = 0; - break; - case '4': - config.use_ipv6 = 0; - break; - case 'a': - (void) strncpy(config.accelhost, optarg, sizeof(config.accelhost) - 1); - config.accelhost[sizeof(config.accelhost) - 1] = '\0'; - break; - case 'A': - config.accelport = atoi(optarg); - break; - case 'h': - usage(); - /* NOTREACHED */ - break; - 
default: - (void) fprintf(stderr, "Error, type `%s -h' for help on usage\n", prgname); - exit(1); - break; - } - } - argc -= optind; - argv += optind; - - if (*argv) { - (void) fprintf(stderr, "Unknown argument left (%s)\nType `%s -h' for usage\n", *argv, prgname); - exit(1); - } - - setup_log_master(); - info("started, initializing"); - load_databases(); - (void) resolve("localhost"); - drop_privileges(); - - if (config.daemon) { - FILE *fp; - - if (daemon(1, 0) != 0) - fatal("daemon() failed"); - (void) close(0); - (void) close(1); - (void) close(2); - - (void) chdir(config.dbdir); - if ((fp = fopen("ffproxy.pid", "w")) == NULL) - fatal("cannot create pid file ffproxy.pid in %s", config.dbdir); - - (void) fprintf(fp, "%ld", (long) getpid()); - (void) fclose(fp); - } - (void) snprintf(loop_header, sizeof(loop_header), "X-Loop-%d-%d: true", getpid(), (int) time(NULL)); - - init_sighandlers(); - open_socket(); - - /* NOTREACHED */ - return 0; -} - -static void -usage(void) -{ - (void) fprintf(stderr, "ffproxy %s -- (c) 2002-2004 Niklas Olmes \n", version); - (void) fprintf(stderr, " GNU GPL. Website: http://faith.eu.org/programs.html\n"); - (void) fprintf(stderr, - "usage: ffproxy [-vhds4bB] [-c host|ip] [-C host|ip] [-p port]\n" - " [-x host|ip -X port] [-l max] [-u uid|usr -g gid|grp] [-r dir]\n" - " [-D dir] [-f file] [-a host|ip] [-A port]\n" - " -v print version number -h usage (this screen)\n" - " -d become daemon -s silent. don't log to syslog.\n" - " -4 use IPv4 only. 
don't try contacting via IPv6.\n" - " -b do *not* bind to IPv4\n" - " -B do *not* bind to IPv6\n" - " -c host|ip bind to IPv4 address (default is any)\n"); - (void) fprintf(stderr, - " -C host|ip bind to IPv6 address (default is any)\n" - " -p port bind to port\n" - " -x host|ip auxiliary forward proxy\n" - " -X port auxiliary forward proxy port\n" - " -l max maximum number of concurrent requests\n" - " -u uid|user change uid\n" - " -g gid|group change gid\n" - " -r dir chroot to dir\n" - " -D dir databases are in dir (default is %s)\n" - " -f file use config file (default is %s; *overwrites*)\n" - " -a host|ip auxiliary forward server to use\n" - " -A port auxiliary forward server port (default is 80)\n", - DATADIR, CFGFILE); - exit(1); -} - -static void -drop_privileges(void) -{ - extern struct cfg config; - struct passwd *pwd; - - if (config.uid == 0 || config.gid == 0) { - info("not changing UID/GID"); - } else { - if ((pwd = getpwuid(config.uid)) == NULL) - fatal("getpwuid() failed (non-existent UID entry?)"); - - if (*config.chroot != '\0') { - if (chdir(config.chroot) != 0) - fatal("chdir() failed"); - if (chroot(config.chroot) != 0) - fatal("chroot() failed"); - info("chroot()ed to %s\n", config.chroot); - } - if (setgid(config.gid) != 0) - fatal("setgid() failed"); - if (initgroups(pwd->pw_name, config.gid) != 0) - fatal("initgroups() failed"); - - if (setuid(config.uid) != 0) - fatal("setuid() failed"); - - } - - info("=> UID(%d), EUID(%d), GID(%d), EGID(%d)", getuid(), geteuid(), getgid(), getegid()); -} diff -uNr ffproxy-1.6-RC1/msg.c ffproxy-RC2/msg.c --- ffproxy-1.6-RC1/msg.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/msg.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,94 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: msg.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include - -#include -#include - -#include "req.h" -#include "dbs.h" -#include "msg.h" -#include "poll.h" - -void -err_msg(int s, struct req * r, int m) -{ - char msg[8192]; - char *p; - size_t i; - int j; - - p = NULL; - - switch (m) { - case E_INV: - p = e_inv; - break; - case E_RES: - p = e_res; - break; - case E_CON: - p = e_con; - break; - case E_POST: - p = e_post; - break; - case E_FIL: - p = e_fil; - break; - } - - *msg = '\0'; - i = 0; - while (p != NULL && *p != '\0' && i < sizeof(msg) - 1) - if (*p == '$') { - switch (*(p + 1)) { - case 'u': - j = 0; - while (i < sizeof(msg) - 1 && r->url[j] != '\0') - msg[i++] = r->url[j++]; - p += 2; - break; - case 'h': - j = 0; - while (i < sizeof(msg) - 1 && r->host[j] != '\0') - msg[i++] = r->host[j++]; - p += 2; - break; - case 'c': - j = 0; - while (i < sizeof(msg) - 1 && r->cl->name[j] != '\0') - msg[i++] = r->cl->name[j++]; - p += 2; - break; - default: - msg[i++] = *(p++); - break; - } - } else - msg[i++] = *(p++); - - msg[i] = '\0'; - - if (i > 0 && my_poll(s, OUT)) - (void) write(s, msg, i - 1); -} diff -uNr ffproxy-1.6-RC1/msg.h ffproxy-RC2/msg.h --- 
ffproxy-1.6-RC1/msg.h 2003-08-08 16:10:28.000000000 +0200 +++ ffproxy-RC2/msg.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,14 +0,0 @@ -#ifndef HAD_REQ_H -#include "req.h" -#endif - -struct msg { - char *c; - int len; -}; - -enum { - E_INV = 10, E_RES, E_CON, E_POST, E_FIL -}; - -void err_msg(int, struct req *, int); diff -uNr ffproxy-1.6-RC1/poll.c ffproxy-RC2/poll.c --- ffproxy-1.6-RC1/poll.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/poll.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,45 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: poll.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include - -#include "poll.h" - -int -my_poll(int s, int in) -{ - struct pollfd p; - - p.fd = s; - p.events = (in == IN) ? POLLIN : POLLOUT; - - switch (poll(&p, 1, 1000 * 20)) { - case 0: - return 0; - break; - case -1: - return -1; - break; - default: - return 1; - break; - } -} diff -uNr ffproxy-1.6-RC1/poll.h ffproxy-RC2/poll.h --- ffproxy-1.6-RC1/poll.h 2002-07-25 14:24:10.000000000 +0200 +++ ffproxy-RC2/poll.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1,4 +0,0 @@ -#define IN 1 -#define OUT 0 - -int my_poll(int, int); diff -uNr ffproxy-1.6-RC1/print.c ffproxy-RC2/print.c --- ffproxy-1.6-RC1/print.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/print.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,112 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: print.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include -#include -#include - -#include "cfg.h" -#include "print.h" - -extern struct cfg config; - -void -setup_log_master(void) -{ - if (config.syslog) - openlog("FFPROXY(master)", LOG_PID, 0); -} - -void -setup_log_slave(void) -{ - if (config.syslog) - openlog("ffproxy(slave)", LOG_PID, 0); -} - -void -fatal(const char *fmt,...) -{ - va_list ap; - char buf[2048]; - - va_start(ap, fmt); - (void) vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - - if (config.syslog) - syslog(LOG_ERR, "%s, terminating\n", buf); - - perror(buf); - exit(1); -} - -void -fatal_n(const char *fmt,...) -{ - va_list ap; - char buf[2048]; - - va_start(ap, fmt); - (void) vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - - if (config.syslog) - syslog(LOG_NOTICE, "%s, terminating\n", buf); - - (void) fprintf(stderr, "%s, terminating\n", buf); - exit(1); -} - -void -warn(const char *fmt,...) 
-{ - va_list ap; - char buf[2048]; - - va_start(ap, fmt); - (void) vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - - if (config.syslog) - syslog(LOG_WARNING, "%s, continuing\n", buf); - - (void) fprintf(stderr, "%s, continuing\n", buf); -} - -void -info(const char *fmt,...) -{ - va_list ap; - char buf[2048]; - - va_start(ap, fmt); - (void) vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - - if (config.syslog) - syslog(LOG_INFO, "%s\n", buf); - -#ifdef USE_DEBUG - (void) fprintf(stdout, "%s\n", buf); -#endif -} diff -uNr ffproxy-1.6-RC1/print.h ffproxy-RC2/print.h --- ffproxy-1.6-RC1/print.h 2003-08-08 16:10:28.000000000 +0200 +++ ffproxy-RC2/print.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,12 +0,0 @@ -#ifdef USE_DEBUG -#define DEBUG(args) (void) printf args , (void) printf("\n");; -#else -#define DEBUG(args) ; -#endif - -void setup_log_master(void); -void setup_log_slave(void); -void fatal(const char *,...); -void fatal_n(const char *,...); -void warn(const char *,...); -void info(const char *,...); diff -uNr ffproxy-1.6-RC1/regex.c ffproxy-RC2/regex.c --- ffproxy-1.6-RC1/regex.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/regex.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,36 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: regex.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include - -#include - -#include "regex.h" - -int -do_regex(const char *s, const regex_t * r) -{ - regmatch_t pmatch[1]; - size_t nmatch; - - nmatch = 0; - return regexec(r, s, nmatch, pmatch, 0); -} diff -uNr ffproxy-1.6-RC1/regex.h ffproxy-RC2/regex.h --- ffproxy-1.6-RC1/regex.h 2002-07-25 14:24:10.000000000 +0200 +++ ffproxy-RC2/regex.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ -#include - -int do_regex(const char *, const regex_t *); diff -uNr ffproxy-1.6-RC1/req.h ffproxy-RC2/req.h --- ffproxy-1.6-RC1/req.h 2004-06-07 14:11:55.000000000 +0200 +++ ffproxy-RC2/req.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1,36 +0,0 @@ -#define HAD_REQ_H - -struct clinfo { - char name[128]; - char ip[128]; -}; - -struct req { - char url[2048]; - char urlpath[2048]; - char host[128]; - unsigned int port; - - int type; - int relative; - int kalive; - int vmajor; - int vminor; - - long clen; - char tstamp[32]; - char ctype[32]; - - char *header[32]; - - char fname[256]; - char lname[257]; - - int loop; - - struct clinfo *cl; -}; - -enum { - GET = 0, POST, HEAD, CONNECT, UNKNOWN -}; diff -uNr ffproxy-1.6-RC1/request.c ffproxy-RC2/request.c --- ffproxy-1.6-RC1/request.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/request.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,579 +0,0 @@ -/* - * ffproxy (c) 2002-2004 Niklas Olmes - * http://faith.eu.org - * - * $Id: request.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include - -#include -#include -#include -#include -#include - -#include "req.h" -#include "cfg.h" -#include "msg.h" -#include "alloc.h" -#include "print.h" -#include "http.h" -#include "filter.h" -#include "poll.h" -#include "request.h" - -static int read_header(int, struct req *); -static char sgetc(int); -static size_t getline(int, char[], int); -static int do_request(int, struct req *); - -void -handle_request(int cl, struct clinfo * clinfo) -{ - extern struct cfg config; - struct req r; - char buf[2048]; - -keep_alive: - (void) memset(&r, 0, sizeof(r)); - r.cl = clinfo; - - if (getline(cl, buf, sizeof(buf)) < 1) - *buf = '\0'; - - if ((http_url(&r, buf)) == 0) { - int i; - - r.loop = 0; - - if (r.type == CONNECT) { - DEBUG(("handle_request => CONNECT request detected")); - if (read_header(cl, &r) != 0) { - info("invalid CONNECT header from (%s) [%s]", - clinfo->name, clinfo->ip); - err_msg(cl, &r, E_INV); - } else if (r.port != 443 && ! 
config.unr_con) { - info("invalid CONNECT port (%d) for host (%s) from (%s) [%s]", - r.port, r.host, clinfo->name, clinfo->ip); - err_msg(cl, &r, E_INV); - } else if (filter_request(&r) != 0) { - info("filtered CONNECT request for (%s:%d) from (%s) [%s]", - r.host, r.port, clinfo->name, clinfo->ip); - } else { - if (config.logrequests) { - if (r.port == 443) - info("HTTPS CONNECT to (%s) from (%s) [%s]", - r.host, clinfo->name, clinfo->ip); - else - info("CONNECT to host (%s:%d) from (%s) [%s]", - r.host, r.port, clinfo->ip); - } - i = do_request(cl, &r); - switch (i) { - case E_INV: - info("invalid CONNECT request for (%s:%d) from (%s) [%s]", r.host, r.port, clinfo->name, clinfo->ip); - break; - case E_RES: - info("resolve failure for host (%s) from (%s) [%s]", r.host, clinfo->name, clinfo->ip); - break; - case E_CON: - info("connection failure for host (%s) from (%s) [%s]", r.host, clinfo->name, clinfo->ip); - break; - default: - i = 0; - } - if (i != 0) { - err_msg(cl, &r, i); - r.kalive = 0; - } - } - i = 0; - while (r.header[i] != NULL) - free(r.header[i++]); - r.header[0] = NULL; - } else if (read_header(cl, &r) != 0) { - info("invalid header from (%s) [%s]", clinfo->name, clinfo->ip); - err_msg(cl, &r, E_INV); - - i = 0; - while (r.header[i] != NULL) - free(r.header[i++]); - r.header[0] = NULL; - } else if (filter_request(&r) != 0) { - info("filtered request for URL (%s) from (%s) [%s]", r.url, clinfo->name, clinfo->ip); - if (r.loop) - warn("LOOP DETECTED for URL (%s) from (%s) [%s]", r.url, clinfo->name, clinfo->ip); - else - err_msg(cl, &r, E_FIL); - - i = 0; - while (r.header[i] != NULL) - free(r.header[i++]); - r.header[0] = NULL; - } else { - if (config.logrequests) - info("request for URL (%s) from (%s) [%s]", r.url, clinfo->name, clinfo->ip); - - i = do_request(cl, &r); - switch (i) { - case E_INV: - info("invalid request for URL (%s) from (%s) [%s]", r.url, clinfo->name, clinfo->ip); - break; - case E_RES: - info("resolve failure for host (%s) from 
(%s) [%s]", r.host, clinfo->name, clinfo->ip); - break; - case E_CON: - info("connection failure for host (%s) from (%s) [%s]", r.host, clinfo->name, clinfo->ip); - break; - case E_POST: - info("failure while post for URL (%s) from (%s) [%s]", r.url, clinfo->name, clinfo->ip); - break; - case E_FIL: - info("filtered request for URL (%s) from (%s) [%s]", r.url, clinfo->name, clinfo->ip); - break; - default: - i = 0; - } - if (i != 0) { - err_msg(cl, &r, i); - r.kalive = 0; - } - - i = 0; - while (r.header[i] != NULL) - free(r.header[i++]); - r.header[0] = NULL; - - if (config.kalive && r.kalive && r.clen > 0L) - goto keep_alive; - } - } else { - if (*buf == '\0') { - ; - } else { - info("invalid request from (%s) [%s]", clinfo->name, clinfo->ip); - } - } -} - -static int -read_header(int cl, struct req * r) -{ - size_t len, i; - char buf[2048]; - char *b, *p; - - i = 0; - while ((len = getline(cl, buf, sizeof(buf))) > 0 && i < sizeof(r->header) - 1) { - b = buf; - while (isspace(*b) && *(b++) != '\0'); - if (*b == '\0') - continue; - - p = (char *) my_alloc(len + 1); - (void) strcpy(p, b); - r->header[i] = p; - - DEBUG(("read_header() => entry %d (%s)", i, r->header[i])); - - i++; - - if (r->relative && http_rel(r, p) != 0) { - r->header[i] = NULL; - return 1; - } - } - r->header[i] = NULL; - - if (i >= sizeof(r->header) - 1) - return 1; - - return 0; -} - -static char -sgetc(int s) -{ - char c; - - if (read(s, &c, 1) != 1 || c < 1) - return -1; - else - return c; -} - -static size_t -getline(int s, char buf[], int len) -{ - int c; - size_t i; - - if (my_poll(s, IN) <= 0) - return 0; - - i = 0; - while (--len > 0) { - c = sgetc(s); - if (c == '\n' || c == -1) - break; - else if (c != '\r') - buf[i++] = c; - } - buf[i] = '\0'; - - return i; -} - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include "dns.h" - -static int -do_request(int cl, struct req * r) -{ - extern struct cfg config; - unsigned long ip; - 
int s; - void *foo; - size_t len, i; - char buf[4096]; - - len = 0; - ip = 0L; - s = 0; - - if (config.use_ipv6 && (config.aux_proxy_ipv6 || *config.proxyhost == '\0')) { - struct addrinfo hints, *res, *res0; - char port[6]; - - DEBUG(("do_request() => trying ipv6")); - - port[0] = '\0'; - (void) memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - - if (*config.proxyhost != '\0' && config.proxyport) { - DEBUG(("do_request() => trying ipv6 for proxy %s port %d", config.proxyhost, config.proxyport)); - (void) snprintf(port, 6, "%d", config.proxyport); - if (getaddrinfo(config.proxyhost, port, &hints, &res)) { - DEBUG(("do_request() => getaddrinfo() failed for proxy %s", config.proxyhost)); - return E_RES; - } - } else { - (void) snprintf(port, 6, "%d", r->port); - if (getaddrinfo(r->host, port, &hints, &res)) { - DEBUG(("do_request() => getaddrinfo() failed for %s", r->host)); - return E_RES; - } - } - - s = -1; - for (res0 = res; res; res = res->ai_next) { - if ((s = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0) - continue; - else if (connect(s, res->ai_addr, res->ai_addrlen) < 0) { - (void) close(s); - s = -1; - continue; - } else - break; - } - freeaddrinfo(res0); - - if (s == -1) { - if (*config.proxyhost != '\0' && config.proxyport) { - DEBUG(("do_request() => socket() or connect() after getaddrinfo() failed for proxy %s port %d", config.proxyhost, config.proxyport)); - } else { - DEBUG(("do_request() => socket() or connect() after getaddrinfo() failed for %s port %d", r->host, r->port)); - } - return E_CON; - } - } else { - struct sockaddr_in addr; - - DEBUG(("do_request() => not trying ipv6")); - - (void) memset(&addr, 0, sizeof(addr)); - - if (*config.proxyhost != '\0' && config.proxyport) { - DEBUG(("do_request() => using aux proxy w/o trying ipv6")); - if ((addr.sin_addr.s_addr = resolve(config.proxyhost)) == INADDR_NONE) { - DEBUG(("do_request() => resolve failure for proxy %s", 
config.proxyhost)); - return E_RES; - } - addr.sin_port = htons(config.proxyport); - addr.sin_family = AF_INET; - } else { - if ((ip = resolve(r->host)) == INADDR_NONE) { - DEBUG(("do_request() => resolve failure for %s", r->host)); - return E_RES; - } - addr.sin_addr.s_addr = ip; - addr.sin_port = htons(r->port); - addr.sin_family = AF_INET; - } - - if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) { - DEBUG(("do_request() => socket() failed for %s port %d", r->host, r->port)); - return E_CON; - } else if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &foo, sizeof(foo)) != 0) { - DEBUG(("do_request() => setsockopt() failed for %s port %d", r->host, r->port)); - return E_CON; - } else if (connect(s, (struct sockaddr *) & addr, sizeof(addr)) == -1) { - DEBUG(("do_request() => connect() failed for %s port %d", r->host, r->port)); - return E_CON; - } - } - -#ifdef USE_DEBUG - i = 0; - DEBUG(("do_request() => header is:")); - while (r->header[i] != NULL) - DEBUG(("=> [%s]", r->header[i++])); -#endif - - if (r->vmajor >= 1 && r->vminor >= 0) - r->vmajor = 1, r->vminor = 0; - - if (config.accel && config.accelusrhost) - len = snprintf(buf, sizeof(buf), - "%s %s HTTP/%d.%d\r\n", - ((r->type == GET) ? "GET" - : ((r->type) == HEAD) ? "HEAD" : "POST"), - (*config.proxyhost && config.proxyport) != '\0' ? r->url : r->urlpath, - r->vmajor, r->vminor); - else if (r->port == 80) - len = snprintf(buf, sizeof(buf), - "%s %s HTTP/%d.%d\r\n" - "Host: %s\r\n", - ((r->type == GET) ? "GET" - : ((r->type) == HEAD) ? "HEAD" : "POST"), - (*config.proxyhost && config.proxyport) != '\0' ? r->url : r->urlpath, - r->vmajor, r->vminor, - r->host); - else if (r->port == 443 || r->type == CONNECT) { - *buf = '\0'; - len = 0; - } else - len = snprintf(buf, sizeof(buf), - "%s %s HTTP/%d.%d\r\n" - "Host: %s:%d\r\n", - ((r->type == GET) ? "GET" - : ((r->type) == HEAD) ? "HEAD" : "POST"), - (*config.proxyhost && config.proxyport) != '\0' ? 
r->url : r->urlpath, - r->vmajor, r->vminor, - r->host, r->port); - - if (r->type != CONNECT) { - i = 0; - while (r->header[i] != NULL) { - len += strlen(r->header[i]) + strlen("\r\n"); - if (len < sizeof(buf)) { - (void) strncat(buf, r->header[i++], len); - (void) strncat(buf, "\r\n", strlen("\r\n")); - } else { - DEBUG(("do_request() => header too big")); - (void) close(s); - i = 0; - while (r->header[i] != NULL) - free(r->header[i++]); - r->header[0] = NULL; - return E_INV; - } - } - } - i = 0; - while (r->header[i] != NULL) - free(r->header[i++]); - r->header[0] = NULL; - - if (r->type != CONNECT) { - len += strlen("\r\n"); - if (len >= sizeof(buf) - 1) { - DEBUG(("do_request() => header too big")); - (void) close(s); - return E_INV; - } - (void) strncat(buf, "\r\n", strlen("\r\n")); - - DEBUG(("do_request() => request ready: type %d url (%s) host (%s) port %d", - r->type, r->url, r->host, r->port)); - DEBUG(("=> version maj %d min %d", r->vmajor, r->vminor)); - DEBUG(("=> header: (%s)", buf)); - - if (my_poll(s, OUT) <= 0 || write(s, buf, len) < 1) { - DEBUG(("do_request() => sending request failed")); - (void) close(s); - return E_CON; - } - } - if (r->type == POST) { - long rest; - - DEBUG(("do_request() => posting data")); - - if ((rest = r->clen) < 0L) { - DEBUG(("do_request() => post: invalid clen %ld", r->clen)); - (void) close(s); - return E_POST; - } - while (rest > 0L) { - if (my_poll(cl, OUT) <= 0) { - (void) close(s); - return E_POST; - } - len = read(cl, buf, sizeof(buf)); - if (len < 1) - break; - else - rest -= len; - - if (my_poll(s, OUT) <= 0 || write(s, buf, len) < 1) { - DEBUG(("do_request() => post: error writing post data")); - (void) close(s); - return E_POST; - } - } - DEBUG(("do_request() => post done")); - } - if (r->type != CONNECT) { - i = 0; - while ((len = getline(s, buf, sizeof(buf))) > 0 && i < sizeof(r->header) - 1) { - DEBUG(("do_request() => got remote header line: (%s)", buf)); - r->header[i] = (char *) my_alloc(len + 1); - 
(void) strcpy(r->header[i++], buf); - } - r->header[i] = NULL; - - if (len > 0) { - DEBUG(("do_request() => remote header too big")); - (void) close(s); - i = 0; - while (r->header[i] != NULL) - free(r->header[i++]); - r->header[0] = NULL; - return E_FIL; - } - if (filter_remote(r) != 0) { - DEBUG(("do_request() => response was filtered")); - (void) close(s); - i = 0; - while (r->header[i] != NULL) - free(r->header[i++]); - r->header[0] = NULL; - return E_FIL; - } - *buf = '\0'; - len = 0; - i = 0; - while (r->header[i] != NULL) { - len += strlen(r->header[i]) + strlen("\r\n"); - if (len < sizeof(buf) - 1) { - (void) strcat(buf, r->header[i++]); - (void) strcat(buf, "\r\n"); - } else { - DEBUG(("do_request() => remote header too big (at concatenation)")); - i = 0; - while (r->header[i] != NULL) - free(r->header[i++]); - r->header[0] = NULL; - (void) close(s); - return E_FIL; - } - } - i = 0; - while (r->header[i] != NULL) - free(r->header[i++]); - r->header[0] = NULL; - - len += strlen("\r\n"); - if (len >= sizeof(buf) - 1) { - DEBUG(("do_request() => remote header too big (at final)")); - (void) close(s); - return E_FIL; - } - (void) strcat(buf, "\r\n"); - - DEBUG(("do_request() => remote header ready: (%s)", buf)); - - if (my_poll(cl, OUT) <= 0 || write(cl, buf, len) < 1) { - (void) close(s); - return -1; - } - } - if (r->type == CONNECT) { - char *con_est = "HTTP/1.0 200 Connection established\r\n\r\n"; - int max, sel; - struct timeval to; - fd_set fdset; - - to.tv_sec = config.to_con; - to.tv_usec = 0; - - if (write(cl, con_est, strlen(con_est)) < 1) - goto c_break; - - if(cl >= s) - max = cl + 1; - else - max = s + 1; - - i = 1; - sel = 1; - len = 1; - while (len > 0 && sel > 0 && i > 0) { - FD_ZERO(&fdset); - FD_SET(cl, &fdset); - FD_SET(s, &fdset); - sel = select(max, &fdset, (fd_set*) 0, (fd_set*) 0, &to); - if (FD_ISSET(cl, &fdset)) { - len = read(cl, buf, sizeof(buf)); - i = write(s, buf, len); - } - if (FD_ISSET(s, &fdset)) { - len = read(s, buf, 
sizeof(buf)); - i = write(cl, buf, len); - } - } -c_break: - (void) close(s); - return 0; - } else if (r->type != HEAD) { - while (my_poll(s, IN) > 0 && (len = read(s, buf, sizeof(buf))) > 0) { - if (my_poll(cl, OUT) <= 0 || write(cl, buf, len) < 1) { - (void) close(s); - return -1; - } - } - (void) close(s); - return 0; - } - - return 0; -} diff -uNr ffproxy-1.6-RC1/request.h ffproxy-RC2/request.h --- ffproxy-1.6-RC1/request.h 2002-07-25 14:24:10.000000000 +0200 +++ ffproxy-RC2/request.h 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -void handle_request(int, struct clinfo *); diff -uNr ffproxy-1.6-RC1/sample.config ffproxy-RC2/sample.config --- ffproxy-1.6-RC1/sample.config 2004-06-08 00:53:48.000000000 +0200 +++ ffproxy-RC2/sample.config 1970-01-01 01:00:00.000000000 +0100 
@@ -1,140 +0,0 @@ -# -# sample configuration file for ffproxy(8) -# (version 1.6) -# -# lines starting with '#' are comments - -# run as daemon? -# (default: no) -#daemonize yes -#daemonize no - -# number of child processes, -# that is, the maximum number of concurrent requests -# (default: 10) -#child_processes 10 - -# ffproxy binds to any IPv4 address -# and any IPv6 address by default -# -# bind to IPv4? (default: yes) -#bind_ipv4 no -#bind_ipv4 yes -# bind to IPv6? (default: yes) -#bind_ipv6 no -#bind_ipv6 yes -# -# Hostname or IP to bind to -# (default is any IP) -# -#bind_ipv4_host 192.168.10.1 -#bind_ipv4_host martyr.burden.eu.org -#bind_ipv6_host ::1 -#bind_ipv6_host oz.burden.eu.org - -# listen on port -# (default: 8080) -#port 1111 -#port 8080 - -# use IPv6 when contacting servers? -# (default: yes) -#use_ipv6 no -#use_ipv6 yes - -# use syslog? -# (default: yes) -#use_syslog no -#use_syslog yes - -# log all requests? -# (default: no) -# to use, set also use_syslog to yes -#log_all_requests yes -#log_all_requests no - -# change UID and GID -# -# to use, both uid and gid must be set -# (disabled by default) -#uid proxy -#gid proxy -#uid 37 -#gid 38 - -# change root to (only in connection with uid and gid change) -# /etc/resolv.conf might need to be copied -# to chroot_dir/etc/resolv.conf -# (disabled by default) -#chroot_dir /var/ffproxy - -# forward to proxy (auxiliary proxy) -# (set `forward_proxy_port 0' to explicitly disable feature -# (i.e, when reloading configuration file via SIGHUP)) -# (disabled by default) -#forward_proxy blackness.burden.eu.org -#forward_proxy 192.168.10.5 -#forward_proxy ::1 -#forward_proxy_port 8082 -#forward_proxy_port 0 - -# try IPv6 for auxiliary proxy? 
-# use_ipv6 must be set to yes, too -# (default: yes) -#forward_proxy_ipv6 no -#forward_proxy_ipv6 yes - -# path to db/ and html/ directories -# (default: /var/ffproxy) -# (Note: if ffproxy runs chrooted, -# give a path name relative to new root, or, -# if db_files_path is the same as root, use db_files_path ./ -# You have to start ffproxy in the new root directory, -# otherwise it won't find the database files. -# Please keep in mind that ffproxy's config file has to -# be within chroot directory, otherwise it will not find -# its config file on reload) -#db_files_path ./ -#db_files_path /var/ffproxy - -# http accelerator -# (disabled by default) -# -# if you want to use ffproxy as http accelerator (that is, connecting -# to just one http server and beeing used as front-end to that, e.g. -# in DMZ) uncomments options below (port is optional, defaults to 80) -# (set `accel_port 0' to explicitly disable feature -# (i.e, when reloading configuration file via SIGHUP)) -#accel_host 10.254.1.2 -#accel_host revelation.martyr.eu.org -#accel_port 80 -#accel_port 0 -# -# Omit Host: accel_host:accel_port in Header -# to provide own Host: header via db/filter.header.add? -# (default: yes) -#accel_user_host no -#accel_user_host yes - -# keep alive on client to proxy connections -# (enabled by default) -#use_keep_alive no -#use_keep_alive yes - -# allow CONNECT request to other than port 443 (HTTPS) -# (CONNECT enables HTTPS proxying) -# (disabled by default for security) -#unrestricted_connect yes -#unrestricted_connect no - -# timeout for CONNECT requests in seconds -# (default: 5) -#timeout_connect 20 -#timeout_connect 5 - -# backlog size for accept() -# (default: 4) -#backlog_size 16 -#backlog_size 4 - -# end of file diff -uNr ffproxy-1.6-RC1/signals.c ffproxy-RC2/signals.c --- ffproxy-1.6-RC1/signals.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/signals.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,79 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: signals.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include - -#include - -#include "cfg.h" -#include "print.h" -#include "db.h" -#include "signals.h" - -static void sigchld(int); -static void sighup(int); -static void sigterm(int); -static void sigint(int); - -extern struct cfg config; - -static void -sigchld(int dummy) -{ - int status; - pid_t pid; - - (void) dummy; - while ((pid = waitpid(-1, &status, WNOHANG)) > 0) - config.ccount--; -} - -static void -sighup(int dummy) -{ - (void) dummy; - info("SIGHUP received, reloading databases"); - reload_databases(); -} - -static void -sigterm(int dummy) -{ - (void) dummy; - fatal_n("SIGTERM received"); -} - -static void -sigint(int dummy) -{ - (void) dummy; - fatal_n("SIGINT received"); -} - -void -init_sighandlers(void) -{ - signal(SIGCHLD, sigchld); - signal(SIGHUP, sighup); - signal(SIGTERM, sigterm); - signal(SIGINT, sigint); -} diff -uNr ffproxy-1.6-RC1/signals.h ffproxy-RC2/signals.h --- ffproxy-1.6-RC1/signals.h 2002-07-08 18:06:15.000000000 +0200 +++ ffproxy-RC2/signals.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1 +0,0 @@ -void init_sighandlers(void); diff -uNr ffproxy-1.6-RC1/socket.c ffproxy-RC2/socket.c --- ffproxy-1.6-RC1/socket.c 2004-06-08 10:07:12.000000000 +0200 +++ ffproxy-RC2/socket.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,191 +0,0 @@ -/* - * ffproxy (c) 2002, 2003 Niklas Olmes - * http://faith.eu.org - * - * $Id: socket.c,v 2.0 2004/06/08 06:39:51 niklas Exp $ - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include - -#include -#include -#include -#include -#include -#include - -#include "req.h" -#include "cfg.h" -#include "print.h" -#include "request.h" -#include "dns.h" -#include "access.h" -#include "socket.h" - -#define DFLT_PORT 8080 -#ifndef INFTIM -#define INFTIM -1 -#endif - -void -open_socket(void) -{ - extern struct cfg config; - struct sockaddr claddr; - struct addrinfo hints[2], *res; - struct clinfo *clinfo; - struct pollfd s[2]; - socklen_t claddr_len; - pid_t pid; - void *foo; - char strport[6]; - char *ip_add; - int st, cl, i; - int num_fd; - int isipv4; - - if (config.port == 0) - config.port = DFLT_PORT; - (void) snprintf(strport, sizeof(strport), "%d", config.port); - - num_fd = 0; - if (config.bind_ipv4) - num_fd++; - if (config.bind_ipv6) - num_fd++; - - i = 0; - (void) memset(s, 0, sizeof(s)); - s[0].fd = s[1].fd = 0; - while (i < num_fd) { - (void) memset(&hints[i], 0, sizeof(struct addrinfo)); - hints[i].ai_family = (i == 0 && config.bind_ipv4) ? 
PF_INET : PF_INET6; - hints[i].ai_socktype = SOCK_STREAM; - hints[i].ai_flags = AI_PASSIVE; - if (i == 0 && config.bind_ipv4) { - if (*config.ipv4 == '\0') - ip_add = NULL; - else - ip_add = config.ipv4; - } else { - if (*config.ipv6 == '\0') - ip_add = NULL; - else - ip_add = config.ipv6; - } - if (getaddrinfo(ip_add, strport, &hints[i], &res)) - fatal("getaddrinfo() failed for (%s) %s", ip_add, (i == 0 && config.bind_ipv4) ? "IPv4" : "IPv6"); - if ((s[i].fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0) { - if (i == 1 || (config.ipv6 && !config.ipv4)) - fatal("socket() failed for IPv6, perhaps your system does not support IPv6.\nTry -B or `bind_ipv6 no' to disable IPv6 binding.\nError message"); - else - fatal("socket() failed for IPv4"); - } - if (setsockopt(s[i].fd, SOL_SOCKET, SO_REUSEADDR, &foo, sizeof(foo)) != 0) { - (void) close(s[i].fd); - fatal("setsockopt() failed for (%s) %s", ip_add, (i == 0 && config.bind_ipv4) ? "IPv4" : "IPv6"); - } - if (bind(s[i].fd, (struct sockaddr *) res->ai_addr, res->ai_addrlen) < 0) { - (void) close(s[i].fd); -#if defined(__linux__) - if (i == 1) - fatal("could not bind to IPv6, possibly because of\nLinux's ``feature'' to bind to IPv4 also.\nTry -b or binding to specific IPv6 address via -C\nif you're using IPv6 with Linux 2.4\nError message"); -#endif /* __linux__ */ - fatal("bind() failed for (%s) %s", ip_add, (i == 0 && config.bind_ipv4) ? "IPv4" : "IPv6"); - } - if (listen(s[i].fd, config.backlog) != 0) { - (void) close(s[i].fd); - fatal("listen() failed for (%s) %s",ip_add, (i == 0 && config.bind_ipv4) ? "IPv4" : "IPv6"); - } - freeaddrinfo(res); - - s[i].events = POLLIN; - i++; - } - - if (config.bind_ipv4) - info("waiting for requests on %s port %d (IPv4)", *config.ipv4 ? config.ipv4 : "(any)", config.port); - if (config.bind_ipv6) - info("waiting for requests on %s port %d (IPv6)", *config.ipv6 ? 
config.ipv6 : "(any)", config.port); - - claddr_len = sizeof(claddr); - config.ccount = 0; - cl = 0; - isipv4 = config.bind_ipv4; - - for (;;) { - if (config.ccount >= config.childs) { - (void) usleep(50000); - continue; - } - if (num_fd == 2) { - i = poll(s, 2, INFTIM); - if (i < 1) { - continue; - } else { - if (s[0].revents == POLLIN) { - st = s[0].fd; - isipv4 = 1; - } else { - st = s[1].fd; - isipv4 = 0; - } - } - } else - st = s[0].fd; - if ((cl = accept(st, (struct sockaddr *) & claddr, &claddr_len)) == -1) { - DEBUG(("open_socket() => accept() failed")); - continue; - } - - DEBUG(("open_socket() => connection, checking access")); - clinfo = identify(&claddr, (socklen_t) isipv4 ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)); - if (check_access(clinfo) != 0) { - DEBUG(("open_socket() => no access")); - if (config.logrequests) - info("connection attempt from (%s) [%s], ACCESS DENIED", clinfo->name, clinfo->ip); - free(clinfo); - (void) close(cl); - continue; - } - if (config.logrequests) - info("connection attempt from (%s) [%s], access granted", clinfo->name, clinfo->ip); - - if ((pid = fork()) == -1) { - DEBUG(("open_socket() => fork() failed")); - free(clinfo); - (void) close(cl); - continue; - } else if (pid == 0) { - (void) close(s[0].fd); - if (num_fd == 2) - (void) close(s[1].fd); - setup_log_slave(); - handle_request(cl, clinfo); - free(clinfo); - (void) close(cl); - exit(0); - } else { - free(clinfo); - config.ccount++; - (void) close(cl); - } - } - - /* NOTREACHED */ -} diff -uNr ffproxy-1.6-RC1/socket.h ffproxy-RC2/socket.h --- ffproxy-1.6-RC1/socket.h 2002-07-25 14:24:10.000000000 +0200 +++ ffproxy-RC2/socket.h 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -void open_socket(void); diff -uNr ffproxy-1.6-RC1/sys-dep.sh ffproxy-RC2/sys-dep.sh --- ffproxy-1.6-RC1/sys-dep.sh 2003-08-09 00:44:47.000000000 +0200 +++ ffproxy-RC2/sys-dep.sh 1970-01-01 01:00:00.000000000 +0100 
@@ -1,17 +0,0 @@ -#!/bin/sh -# $Id: sys-dep.sh,v 1.2 2003/08/08 22:44:47 niklas Exp $ -# SunOS needs libraries libsocket and libnsl - -SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" -case "${SYSTEM}" in - SunOS) - LIBS="-lsocket -lnsl" - echo "Linking for SunOS..." - echo $1 $2 ${LIBS} $3 $4 - $1 $2 ${LIBS} $3 $4 - ;; - *) - echo $1 $2 $3 $4 - $1 $2 $3 $4 - ;; -esac
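Review bot: in the sample-configuration hunk (`@@ -1,140 +0,0 @@`), every line is a removal and the `+++ ffproxy-RC2/...` header carries the 1970-01-01 epoch timestamp, which is what `diff -uNr` emits when the right-hand file does not exist; the same holds for every other hunk in the patch, so check that the RC2 tree was really present when the diff was generated (the directory is `ffproxy-RC2`, not `ffproxy-1.6-RC2`) before treating this as an intentional removal. As posted, the hunk deletes the only place the safe defaults are documented: `#unrestricted_connect no` ("disabled by default for security"), the `uid`/`gid` drop and the `chroot_dir` note about copying `/etc/resolv.conf` and keeping the config file inside the new root. If the file is kept, the accelerator comment also needs "beeing" and "uncomments" corrected to "being" and "uncomment".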
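Review bot: in the `signals.c` hunk, `sighup()` calls `info()` and `reload_databases()` directly from the signal handler; neither logging nor a database reload is async-signal-safe, so a SIGHUP that lands while the parent is inside `accept()`, `fork()` or its own logging call can deadlock or corrupt state. The usual fix is a `volatile sig_atomic_t` flag set in the handler and checked in the accept loop in `socket.c`, with the reload done there. The same applies to `fatal_n()` in `sigterm()`/`sigint()`. Separately, `sigchld()` does `config.ccount--` on a plain `int` that the parent also increments after `fork()`; an interrupted read-modify-write loses a decrement, and because the accept loop waits on `config.ccount >= config.childs`, a counter that drifts upward eventually stops the proxy from accepting any connection. Using `sigaction()` with `SA_RESTART` instead of `signal()` is also advisable: on SysV-style systems (Solaris is listed as supported) `signal()` resets the disposition to `SIG_DFL` after the first delivery. The three `#include` lines in this hunk have also lost their header names in extraction (presumably the standard headers for `waitpid()` and `signal()`), so the hunk as shown would not compile.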
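Review bot: in the `socket.c` hunk, `setsockopt(s[i].fd, SOL_SOCKET, SO_REUSEADDR, &foo, sizeof(foo))` passes the address of the uninitialised `void *foo` as the option value, so whether address reuse is enabled depends on stack contents; it should be `int one = 1;` and `&one, sizeof(one)`. More seriously, `struct sockaddr claddr` is 16 bytes, too small for a `sockaddr_in6`, and `claddr_len = sizeof(claddr)` is set once before the `for (;;)` loop rather than before every `accept()`; `accept()` writes the real address length (28 for IPv6) back into `claddr_len`, so the next `accept()` is told the 16-byte stack buffer has room for 28, and `identify()` is likewise handed `sizeof(struct sockaddr_in6)` for the same buffer. Declare `struct sockaddr_storage claddr;` and reset `claddr_len = sizeof(claddr);` at the top of each iteration. Two smaller points: `if (i == 1 || (config.ipv6 && !config.ipv4))` tests the addresses of two char arrays (always non-null), where `config.bind_ipv6 && !config.bind_ipv4` is clearly intended; and `if (s[0].revents == POLLIN)` should be `if (s[0].revents & POLLIN)`, since `poll()` may set additional bits such as `POLLHUP` or `POLLERR`. The `(socklen_t) isipv4 ? ... : ...` cast binds to `isipv4` rather than the conditional result and is harmless, but parenthesising the expression would make the intent explicit.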
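Review bot: in the `sys-dep.sh` hunk, `$1 $2 ${LIBS} $3 $4` passes at most four positional parameters, all unquoted, so a compiler or flag argument containing spaces is word-split and any fifth argument is dropped silently in both branches of the `case`. Since this script wraps the link step for every build, take the whole argument list with `"$@"` and append the platform libraries, e.g. `"$@" ${LIBS}` in the SunOS branch and `"$@"` in the default branch (linker libraries are conventionally placed last anyway); the `echo` lines should be changed in the same way so the printed command matches what is executed.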