diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in
index ac16efe..54024cb 100644
--- a/etc/tinyproxy.conf.in
+++ b/etc/tinyproxy.conf.in
@@ -140,32 +140,37 @@ LogLevel Info # The upstream rules allow you to selectively route upstream connections # based on the host/domain of the site being accessed. # +# Syntax: upstream type (user:pass@)ip:port ("domain") +# Or: upstream none "domain" +# The parts in parens are optional. +# Possible types are http, socks4, socks5, none +# # For example: # # connection to test domain goes through testproxy -# upstream testproxy:8008 ".test.domain.invalid" -# upstream testproxy:8008 ".our_testbed.example.com" -# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# upstream http testproxy:8008 ".test.domain.invalid" +# upstream http testproxy:8008 ".our_testbed.example.com" +# upstream http testproxy:8008 "192.168.128.0/255.255.254.0" # # # upstream proxy using basic authentication -# upstream user:pass@testproxy:8008 ".test.domain.invalid" +# upstream http user:pass@testproxy:8008 ".test.domain.invalid" # # # no upstream proxy for internal websites and unqualified hosts -# no upstream ".internal.example.com" -# no upstream "www.example.com" -# no upstream "10.0.0.0/8" -# no upstream "192.168.0.0/255.255.254.0" -# no upstream "." +# upstream none ".internal.example.com" +# upstream none "www.example.com" +# upstream none "10.0.0.0/8" +# upstream none "192.168.0.0/255.255.254.0" +# upstream none "." 
# # # connection to these boxes go through their DMZ firewalls -# upstream cust1_firewall:8008 "testbed_for_cust1" -# upstream cust2_firewall:8008 "testbed_for_cust2" +# upstream http cust1_firewall:8008 "testbed_for_cust1" +# upstream http cust2_firewall:8008 "testbed_for_cust2" # # # default upstream is internet firewall -# upstream firewall.internal.example.com:80 +# upstream http firewall.internal.example.com:80 # -# You may also use SOCKS4/SOCKS5 upstream proxies by using upstream4/upstream5: -# upstream4 127.0.0.1:9050 -# upstream5 socksproxy:1080 +# You may also use SOCKS4/SOCKS5 upstream proxies: +# upstream socks4 127.0.0.1:9050 +# upstream socks5 socksproxy:1080 # # The LAST matching rule wins the route decision. As you can see, you # can use a host, or a domain: @@ -175,7 +180,7 @@ LogLevel Info # IP/bits matches network/mask # IP/mask matches network/mask # -#Upstream some.remote.proxy:port +#Upstream http some.remote.proxy:port # # MaxClients: This is the absolute highest number of threads which will diff --git a/src/conf.c b/src/conf.c index ca9764e..ac7354f 100644 --- a/src/conf.c +++ b/src/conf.c @@ -162,8 +162,6 @@ static HANDLE_FUNC (handle_xtinyproxy); #ifdef UPSTREAM_SUPPORT static HANDLE_FUNC (handle_upstream); -static HANDLE_FUNC (handle_upstream4); -static HANDLE_FUNC (handle_upstream5); static HANDLE_FUNC (handle_upstream_no); #endif 
@@ -254,25 +252,16 @@ struct { STDCONF ("reversepath", STR "(" WS STR ")?", handle_reversepath), #endif #ifdef UPSTREAM_SUPPORT - /* upstream is rather complicated */ { - BEGIN "(no" WS "upstream)" WS STR END, handle_upstream_no, NULL + BEGIN "(upstream)" WS "(none)" WS STR END, handle_upstream_no, NULL }, { - BEGIN "(upstream)" WS + BEGIN "(upstream)" WS "(http|socks4|socks5)" WS "(" ALNUM /*username*/ ":" ALNUM /*password*/ "@" ")?" "(" IP "|" ALNUM ")" ":" INT "(" WS STR ")?" END, handle_upstream, NULL }, - { - BEGIN "(upstream4)" WS "(" IP "|" ALNUM ")" ":" INT "(" WS STR - ")?" END, handle_upstream4, NULL - }, - { - BEGIN "(upstream5)" WS "(" IP "|" ALNUM ")" ":" INT "(" WS STR - ")?" END, handle_upstream5, NULL - }, #endif /* loglevel */ STDCONF ("loglevel", "(critical|error|warning|notice|connect|info)", @@ -1099,12 +1088,33 @@ static HANDLE_FUNC (handle_reversepath) #endif #ifdef UPSTREAM_SUPPORT -static int _handle_upstream(struct config_s* conf, const char* line, - regmatch_t match[], proxy_type type) + +static enum proxy_type pt_from_string(const char *s) +{ + static const char pt_map[][7] = { + [PT_NONE] = "none", + [PT_HTTP] = "http", + [PT_SOCKS4] = "socks4", + [PT_SOCKS5] = "socks5", + }; + unsigned i; + for (i = 0; i < sizeof(pt_map)/sizeof(pt_map[0]); i++) + if (!strcmp(pt_map[i], s)) + return i; + return PT_NONE; +} + +static HANDLE_FUNC (handle_upstream) { char *ip; - int port, mi = 3; - char *domain = 0, *user = 0, *pass = 0; + int port, mi = 2; + char *domain = 0, *user = 0, *pass = 0, *tmp; + enum proxy_type pt; + + tmp = get_string_arg (line, &match[mi]); + pt = pt_from_string(tmp); + safefree(tmp); + mi += 2; if (match[mi].rm_so != -1) user = get_string_arg (line, &match[mi]); 
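Review bot: The old spellings `upstream host:port`, `upstream4`, `upstream5` and `no upstream` no longer match any entry in this table, and nothing in the change tells an operator with an existing config what happens to those lines. How an unmatched line is handled is not visible in this hunk; if it is skipped or only logged, routing rules are lost and traffic meant to go through an upstream proxy, or meant to bypass one, takes a different path. Consider keeping the old patterns for one release, bound to a handler that logs a clear error and returns -1. At minimum, replace the removed comment with something like `/* "upstream <type> ..." replaces upstream/upstream4/upstream5 and "no upstream"; the old spellings are rejected */`. The directive table starts and ends outside this hunk.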
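Review bot: `pt_from_string` falls back to `PT_NONE` for any string it does not recognise, and `handle_upstream` passes `tmp` to it without a NULL check. `handle_upstream_no` treats a NULL from `get_string_arg` as an error, so the same guard belongs here: `if (!tmp) return -1;` before the `pt_from_string(tmp)` call. The fallback matters because the `type == PT_NONE` test added in the src/upstream.c hunk would presumably turn such a rule into a no-upstream (direct) route; `strcmp` is case-sensitive, so if the directive patterns are compiled case-insensitively, a line like `upstream HTTP host:port` would take that path. Compare with `strcasecmp`, or have `handle_upstream` reject an unrecognised type, so a parsing mismatch fails closed instead of silently bypassing the upstream proxy. The body of `handle_upstream` continues past the end of this hunk.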
@@ -1125,7 +1135,7 @@ static int _handle_upstream(struct config_s* conf, const char* line, if (match[mi].rm_so != -1) domain = get_string_arg (line, &match[mi]); - upstream_add (ip, port, domain, user, pass, type, &conf->upstream_list); + upstream_add (ip, port, domain, user, pass, pt, &conf->upstream_list); safefree (user); safefree (pass); @@ -1135,30 +1145,15 @@ static int _handle_upstream(struct config_s* conf, const char* line, return 0; } -static HANDLE_FUNC (handle_upstream) -{ - return _handle_upstream(conf, line, match, PT_HTTP); -} - -static HANDLE_FUNC (handle_upstream4) -{ - return _handle_upstream(conf, line, match, PT_SOCKS4); -} - -static HANDLE_FUNC (handle_upstream5) -{ - return _handle_upstream(conf, line, match, PT_SOCKS5); -} - static HANDLE_FUNC (handle_upstream_no) { char *domain; - domain = get_string_arg (line, &match[2]); + domain = get_string_arg (line, &match[3]); if (!domain) return -1; - upstream_add (NULL, 0, domain, 0, 0, PT_HTTP, &conf->upstream_list); + upstream_add (NULL, 0, domain, 0, 0, PT_NONE, &conf->upstream_list); safefree (domain); return 0; diff --git a/src/upstream.c b/src/upstream.c index 0c6b14e..38afacd 100644 --- a/src/upstream.c +++ b/src/upstream.c @@ -92,7 +92,7 @@ static struct upstream *upstream_build (const char *host, int port, const char * log_message (LOG_INFO, "Added upstream %s %s:%d for [default]", proxy_type_name(type), host, port); - } else if (host == NULL) { + } else if (host == NULL || type == PT_NONE) { if (!domain || domain[0] == '\0') { log_message (LOG_WARNING, "Nonsense no-upstream rule: empty domain");