正则表达式白名单过滤

src/Makefile.inc

@@ -23,7 +23,7 @@ ftp$(OBJSUFFICS): ftp.c proxy.h structures.h
 sockgetchar$(OBJSUFFICS): sockgetchar.c proxy.h structures.h
 	$(CC) $(CFLAGS) sockgetchar.c
 
-proxy$(OBJSUFFICS): proxy.c proxy.h structures.h proxymain.c
+proxy$(OBJSUFFICS): proxy.c proxy.h structures.h proxymain.c libs/regex.c libs/regex.h
 	$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)ANONYMOUS proxy.c
 
 $(BUILDDIR)proxy$(EXESUFFICS): sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS)

src/proxy.c

@@ -8,9 +8,24 @@
 
 
 #include "proxy.h"
+#include "libs/regex.h"
 
 #define RETURN(xxx) { param->res = xxx; goto CLEANRET; }
 
+char * website_white_list[] = {
+		"^.*\.baidu\.com",
+		"^.*\.news\.cn"
+		"^.*\.zjol\.com\.cn",
+		"^.*\.hangzhou\.com\.cn",
+		"^.*\.sina\.com\.cn",
+		"^.*\.163\.com",
+		"^.*\.sohu\.com",
+		"^.*\.qq\.com",
+		"^.*\.youku\.com",
+		"^.*\.soku\.com",
+		NULL
+};
+
 char * proxy_stringtable[] = {
 /* 0 */	"HTTP/1.0 400 Bad Request\r\n"
 	"Proxy-Connection: close\r\n"
@@ -214,7 +229,6 @@ void file2url(unsigned char *sb, unsigned char *buf, unsigned bufsize, int * inb
 
 
 void * proxychild(struct clientparam* param) {
- RETURN(1000);
  int res=0, i=0;
  unsigned char* buf = NULL, *newbuf;
  int inbuf;
@@ -354,6 +368,26 @@ for(;;){
 		memmove(ss, se, i - (se - sb) + 1);
 	}
  }
+ {
+	regex_t reg;
+	size_t nmatch = 1;
+	regmatch_t pmatch[nmatch];
+	int wwli = 0;
+	int result;
+	for(;;){
+		if(website_white_list[wwli]){
+			regcomp(&reg,website_white_list[wwli],0);
+			result = regexec(&reg,param->hostname,nmatch,pmatch,0);
+			regfree(&reg);
+			wwli++;
+			if(result == 0){
+				break;
+			}
+		}else{
+			RETURN(1000);
+		}
+	}
+ }
  reqlen = i = (int)strlen((char *)buf);
  if(!strncasecmp((char *)buf, "CONNECT", 7))param->operation = HTTP_CONNECT;
  else if(!strncasecmp((char *)buf, "GET", 3))param->operation = (ftp)?FTP_GET:HTTP_GET;