Compare commits
49 Commits
rofl0r-pat
...
master
Author | SHA1 | Date | |
---|---|---|---|
|
cea0ebe657 | ||
|
05f6e4e000 | ||
|
c04ba4711a | ||
|
73da8a35a3 | ||
|
d652ed8538 | ||
|
72b93f6d4b | ||
|
942d0c6b03 | ||
|
dd49e975a0 | ||
|
e69788b761 | ||
|
12a8484265 | ||
|
92289d5a4c | ||
|
c4df45b7e4 | ||
|
84285b640d | ||
|
c834073968 | ||
|
1289d8afc8 | ||
|
2935519eb7 | ||
|
d7c20e663f | ||
|
1e615e66a9 | ||
|
2bec15ee40 | ||
|
ef60434b39 | ||
|
31339cb161 | ||
|
470cc0863d | ||
|
6ffd9af2c7 | ||
|
3764b85514 | ||
|
84f203fb1c | ||
|
121be4a74e | ||
|
8b373f804e | ||
|
90adf28663 | ||
|
ea75e79609 | ||
|
d6ee3835f0 | ||
|
d9e38babb7 | ||
|
77cd87efef | ||
|
7d1e86ccae | ||
|
235b1c10a7 | ||
|
26db3f6cc9 | ||
|
14d31ed63f | ||
|
c63028d675 | ||
|
9718be09c1 | ||
|
479df8ecec | ||
|
1576ee279f | ||
|
eced6822f8 | ||
|
17d3733be3 | ||
|
79d0b0fa79 | ||
|
d3d8943fe4 | ||
|
f0c291e1da | ||
|
207f790314 | ||
|
c1023f6821 | ||
|
39d7bf6c70 | ||
|
e91e48dd60 |
20
.github/ISSUE_TEMPLATE/new-issue--bug-report--question.md
vendored
Normal file
20
.github/ISSUE_TEMPLATE/new-issue--bug-report--question.md
vendored
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
name: New Issue, Bug report, Question
|
||||||
|
about: New Issue, Bug report, Question
|
||||||
|
title: ''
|
||||||
|
labels: ''
|
||||||
|
assignees: ''
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
# IMPORTANT NOTICE
|
||||||
|
|
||||||
|
Before filing an issue here PLEASE keep in mind that **tinyproxy 1.10.0 and older are no longer supported**.
|
||||||
|
Do not report issues with 1.10.0 or older, first try latest release 1.11.0, or even better, git master, and see whether the issue is already fixed.
|
||||||
|
|
||||||
|
## Tinyproxy version
|
||||||
|
State the tinyproxy version you're using; whether git master or 1.11.0 stable.
|
||||||
|
|
||||||
|
## Issue
|
||||||
|
Fill in your Issue text here.
|
||||||
|
A good issue report is detailed and includes full error messages from tinyproxy's output, not "X doesn't work".
|
4
.github/workflows/main.yml
vendored
4
.github/workflows/main.yml
vendored
@ -27,8 +27,8 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: install valgrind
|
- run: sudo apt update
|
||||||
run: sudo apt-get install --assume-yes valgrind
|
- run: sudo apt install --assume-yes valgrind
|
||||||
- run: ./autogen.sh
|
- run: ./autogen.sh
|
||||||
- run: ./configure --enable-debug --enable-transparent --enable-reverse
|
- run: ./configure --enable-debug --enable-transparent --enable-reverse
|
||||||
- run: make
|
- run: make
|
||||||
|
40
.github/workflows/release_tarball.yml
vendored
Normal file
40
.github/workflows/release_tarball.yml
vendored
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
name: Generate Source Tarball
|
||||||
|
|
||||||
|
# Trigger whenever a release is created
|
||||||
|
on:
|
||||||
|
release:
|
||||||
|
types:
|
||||||
|
- created
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
name: build
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
submodules: recursive
|
||||||
|
|
||||||
|
- name: archive
|
||||||
|
id: archive
|
||||||
|
run: |
|
||||||
|
sudo apt install -y gperf
|
||||||
|
rm -rf .git
|
||||||
|
autoreconf -i
|
||||||
|
VERSION=$(cat VERSION)
|
||||||
|
PKGNAME="tinyproxy-$VERSION"
|
||||||
|
./configure
|
||||||
|
make dist
|
||||||
|
echo "tarball_xz=${PKGNAME}.tar.xz" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "tarball_gz=${PKGNAME}.tar.gz" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "tarball_bz2=${PKGNAME}.tar.bz2" >> "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
|
- name: upload tarballs
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: |
|
||||||
|
${{ steps.archive.outputs.tarball_xz }}
|
||||||
|
${{ steps.archive.outputs.tarball_gz }}
|
||||||
|
${{ steps.archive.outputs.tarball_bz2 }}
|
||||||
|
|
@ -89,4 +89,4 @@ and create a [pull request](https://github.com/tinyproxy/tinyproxy/pulls).
|
|||||||
|
|
||||||
You can meet developers and users to discuss development,
|
You can meet developers and users to discuss development,
|
||||||
patches and deployment issues in the `#tinyproxy` IRC channel on
|
patches and deployment issues in the `#tinyproxy` IRC channel on
|
||||||
Freenode (`irc.freenode.net`).
|
libera (`irc.libera.chat`).
|
||||||
|
28
SECURITY.md
Normal file
28
SECURITY.md
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
| Version | Supported |
|
||||||
|
| --------- | ------------------ |
|
||||||
|
| 1.11.x | :white_check_mark: |
|
||||||
|
| <= 1.10.x | :x: |
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Open a public issue on github. The issue will most likely be fixed
|
||||||
|
within a day, unless all maintainers happen to just be taking a
|
||||||
|
vacation at the same time, which is unlikely.
|
||||||
|
|
||||||
|
Even then, having the bug publicly known will allow competent people
|
||||||
|
to come up with custom patches for distros, most likely quicker
|
||||||
|
than black hats can craft a remote execution exploit.
|
||||||
|
|
||||||
|
If you really really do not want to make the issue public, come
|
||||||
|
to the tinyproxy IRC channel and ask for a maintainer, which you
|
||||||
|
can then contact via private messages.
|
||||||
|
|
||||||
|
Do not, however, like ["TALOS Intelligence"](https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889)
|
||||||
|
pull a random email address out of git log, then send an email
|
||||||
|
nobody reads or responds to, and wait for 6 months for publication.
|
||||||
|
this only gives black hats plenty time to sell, use and circulate
|
||||||
|
zero days and get the best possible ROI.
|
13
configure.ac
13
configure.ac
@ -173,6 +173,9 @@ fi
|
|||||||
dnl
|
dnl
|
||||||
dnl Substitute the variables into the various Makefiles
|
dnl Substitute the variables into the various Makefiles
|
||||||
dnl
|
dnl
|
||||||
|
# runstatedir isn't available for Autoconf < 2.70
|
||||||
|
AS_IF([test -z "${runstatedir}"], [runstatedir='${localstatedir}/run'])
|
||||||
|
AC_SUBST([runstatedir])
|
||||||
AC_SUBST(CFLAGS)
|
AC_SUBST(CFLAGS)
|
||||||
AC_SUBST(LDFLAGS)
|
AC_SUBST(LDFLAGS)
|
||||||
AC_SUBST(CPPFLAGS)
|
AC_SUBST(CPPFLAGS)
|
||||||
@ -194,20 +197,21 @@ fi #manpage_support_enabled
|
|||||||
AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno")
|
AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno")
|
||||||
|
|
||||||
AC_PATH_PROG(GPERF, gperf, no)
|
AC_PATH_PROG(GPERF, gperf, no)
|
||||||
AM_CONDITIONAL(HAVE_GPERF, test "x$GPERF" != "x" -a "x$GPERF" != "xno")
|
|
||||||
AH_TEMPLATE([HAVE_GPERF],
|
AH_TEMPLATE([HAVE_GPERF],
|
||||||
[Whether you have gperf installed for faster config parsing.])
|
[Whether you have gperf installed for faster config parsing.])
|
||||||
|
|
||||||
|
tmp_gperf=false
|
||||||
if test "x$GPERF" != "x" -a "x$GPERF" != "xno" ; then
|
if test "x$GPERF" != "x" -a "x$GPERF" != "xno" ; then
|
||||||
AS_ECHO_N(["checking whether gperf is recent enough... "])
|
AS_ECHO_N(["checking whether gperf is recent enough... "])
|
||||||
if "$GPERF" < src/conf-tokens.gperf >/dev/null 2>&1 ; then
|
if "$GPERF" < src/conf-tokens.gperf >/dev/null 2>&1 ; then
|
||||||
AS_ECHO("yes")
|
AS_ECHO("yes")
|
||||||
AC_DEFINE(HAVE_GPERF)
|
AC_DEFINE(HAVE_GPERF)
|
||||||
|
tmp_gperf=true
|
||||||
else
|
else
|
||||||
AM_CONDITIONAL(HAVE_GPERF, false)
|
|
||||||
AS_ECHO("no")
|
AS_ECHO("no")
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
AM_CONDITIONAL(HAVE_GPERF, $tmp_gperf)
|
||||||
|
|
||||||
AC_CONFIG_FILES([
|
AC_CONFIG_FILES([
|
||||||
Makefile
|
Makefile
|
||||||
@ -219,7 +223,6 @@ docs/Makefile
|
|||||||
docs/man5/Makefile
|
docs/man5/Makefile
|
||||||
docs/man5/tinyproxy.conf.txt
|
docs/man5/tinyproxy.conf.txt
|
||||||
docs/man8/Makefile
|
docs/man8/Makefile
|
||||||
docs/man8/tinyproxy.txt
|
|
||||||
m4macros/Makefile
|
m4macros/Makefile
|
||||||
tests/Makefile
|
tests/Makefile
|
||||||
tests/scripts/Makefile
|
tests/scripts/Makefile
|
||||||
@ -244,3 +247,7 @@ if test "x$POD2MAN" = "xno" ; then
|
|||||||
touch docs/man8/tinyproxy.8
|
touch docs/man8/tinyproxy.8
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test "x$HAVE_GPERF" = "xno" && test -e src/conf-tokens-gperf.inc ; then
|
||||||
|
touch src/conf-tokens-gperf.inc
|
||||||
|
fi
|
||||||
|
@ -30,9 +30,6 @@
|
|||||||
<dt>clienthost</dt>
|
<dt>clienthost</dt>
|
||||||
<dd>{clienthost}</dd>
|
<dd>{clienthost}</dd>
|
||||||
|
|
||||||
<dt>version</dt>
|
|
||||||
<dd>{version}</dd>
|
|
||||||
|
|
||||||
<dt>package</dt>
|
<dt>package</dt>
|
||||||
<dd>{package}</dd>
|
<dd>{package}</dd>
|
||||||
|
|
||||||
@ -49,7 +46,7 @@
|
|||||||
|
|
||||||
<hr />
|
<hr />
|
||||||
|
|
||||||
<p><em>Generated by <a href="{website}">{package}</a> version {version}.</em></p>
|
<p><em>Generated by <a href="{website}">{package}</a>.</em></p>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
<hr />
|
<hr />
|
||||||
|
|
||||||
<p><em>Generated by <a href="{website}">{package}</a> version {version}.</em></p>
|
<p><em>Generated by <a href="{website}">{package}</a>.</em></p>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
|
|
||||||
|
@ -1,69 +1,95 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8" ?>
|
<!DOCTYPE html>
|
||||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
|
||||||
|
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<title>Stats [{package}]</title>
|
||||||
|
<meta charset="UTF-8" />
|
||||||
|
<style type="text/css">
|
||||||
|
body {
|
||||||
|
color: #eee;
|
||||||
|
background: #110d0d;
|
||||||
|
text-align: center;
|
||||||
|
font: 12pt/1.6 Open Sans, Segoe UI, sans-serif;
|
||||||
|
}
|
||||||
|
#container {
|
||||||
|
position: absolute;
|
||||||
|
top: 0;
|
||||||
|
left: 0;
|
||||||
|
margin: 0;
|
||||||
|
width: 100%;
|
||||||
|
height: 100%;
|
||||||
|
display: table;
|
||||||
|
}
|
||||||
|
#inner {
|
||||||
|
width: 100%;
|
||||||
|
display: table-cell;
|
||||||
|
vertical-align: middle;
|
||||||
|
}
|
||||||
|
table {
|
||||||
|
width: auto;
|
||||||
|
margin: auto;
|
||||||
|
height: auto;
|
||||||
|
background: #222020;
|
||||||
|
border: 1px solid #777373;
|
||||||
|
border-spacing: 3px;
|
||||||
|
}
|
||||||
|
th,
|
||||||
|
td {
|
||||||
|
padding: 6px 18px;
|
||||||
|
}
|
||||||
|
th {
|
||||||
|
font-weight: 700;
|
||||||
|
background: linear-gradient(to bottom, #777373, #555151);
|
||||||
|
}
|
||||||
|
.odd {
|
||||||
|
background: #444040;
|
||||||
|
}
|
||||||
|
.even {
|
||||||
|
background: #555151;
|
||||||
|
}
|
||||||
|
.center {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
.right {
|
||||||
|
text-align: right;
|
||||||
|
font-weight: 600;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
|
||||||
<head>
|
<body>
|
||||||
<title>{package} version {version} run-time statistics</title>
|
<div id="container">
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
<div id="inner">
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th colspan="2">{package} statistics</th>
|
||||||
|
</tr>
|
||||||
|
<tr class="odd">
|
||||||
|
<td class="right">Open connections</td>
|
||||||
|
<td class="center">{opens}</td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
<style type="text/css" media="screen">
|
<tr class="even">
|
||||||
<!--/*--><![CDATA[<!--*/
|
<td class="right">Bad connections</td>
|
||||||
|
<td class="center">{badconns}</td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
th, td
|
<tr class="odd">
|
||||||
{
|
<td class="right">Denied connections</td>
|
||||||
text-align: left;
|
<td class="center">{deniedconns}</td>
|
||||||
padding: 0.5em;
|
</tr>
|
||||||
border: 1px solid gray;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*]]>*/-->
|
<tr class="even">
|
||||||
</style>
|
<td class="right">Refused (high load)</td>
|
||||||
|
<td class="center">{refusedconns}</td>
|
||||||
</head>
|
</tr>
|
||||||
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<h1>{package} version {version} run-time statistics</h1>
|
|
||||||
|
|
||||||
<table>
|
|
||||||
|
|
||||||
<tr>
|
|
||||||
<th>Name</th>
|
|
||||||
<th>Value</th>
|
|
||||||
</tr>
|
|
||||||
|
|
||||||
<tr>
|
|
||||||
<td>Number of open connections</td>
|
|
||||||
<td>{opens}</td>
|
|
||||||
</tr>
|
|
||||||
|
|
||||||
<tr>
|
|
||||||
<td>Number of requests</td>
|
|
||||||
<td>{reqs}</td>
|
|
||||||
</tr>
|
|
||||||
|
|
||||||
<tr>
|
|
||||||
<td>Number of bad connections</td>
|
|
||||||
<td>{badconns}</td>
|
|
||||||
</tr>
|
|
||||||
|
|
||||||
<tr>
|
|
||||||
<td>Number of denied connections</td>
|
|
||||||
<td>{deniedconns}</td>
|
|
||||||
</tr>
|
|
||||||
|
|
||||||
<tr>
|
|
||||||
<td>Number of refused connections due to high load</td>
|
|
||||||
<td>{refusedconns}</td>
|
|
||||||
</tr>
|
|
||||||
|
|
||||||
</table>
|
|
||||||
|
|
||||||
<hr />
|
|
||||||
|
|
||||||
<p><em>Generated by <a href="{website}">{package}</a> version {version}.</em></p>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
|
|
||||||
|
<tr class="odd">
|
||||||
|
<td class="right">Total requests</td>
|
||||||
|
<td class="center">{reqs}</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
@ -22,8 +22,8 @@ configuration file.
|
|||||||
The Tinyproxy configuration file contains key-value pairs, one per
|
The Tinyproxy configuration file contains key-value pairs, one per
|
||||||
line. Lines starting with `#` and empty lines are comments and are
|
line. Lines starting with `#` and empty lines are comments and are
|
||||||
ignored. Keywords are case-insensitive, whereas values are
|
ignored. Keywords are case-insensitive, whereas values are
|
||||||
case-sensitive. Values may be enclosed in double-quotes (") if they
|
case-sensitive. Some string values must be enclosed in double
|
||||||
contain spaces.
|
quotes (") as noted below.
|
||||||
|
|
||||||
The possible keywords and their descriptions are as follows:
|
The possible keywords and their descriptions are as follows:
|
||||||
|
|
||||||
@ -57,7 +57,7 @@ only on one specific address.
|
|||||||
=item B<Bind>
|
=item B<Bind>
|
||||||
|
|
||||||
This allows you to specify which address Tinyproxy will bind
|
This allows you to specify which address Tinyproxy will bind
|
||||||
to for outgoing connections to web servers or upstream proxies.
|
to for outgoing connections.
|
||||||
This parameter may be specified multiple times, then Tinyproxy
|
This parameter may be specified multiple times, then Tinyproxy
|
||||||
will try all the specified addresses in order.
|
will try all the specified addresses in order.
|
||||||
|
|
||||||
@ -76,29 +76,29 @@ allowed to have before it is closed by Tinyproxy.
|
|||||||
|
|
||||||
This parameter controls which HTML file Tinyproxy returns when a
|
This parameter controls which HTML file Tinyproxy returns when a
|
||||||
given HTTP error occurs. It takes two arguments, the error number
|
given HTTP error occurs. It takes two arguments, the error number
|
||||||
and the location of the HTML error file.
|
and the location of the HTML error file. Enclose the file location
|
||||||
|
in double quotes.
|
||||||
|
|
||||||
=item B<DefaultErrorFile>
|
=item B<DefaultErrorFile>
|
||||||
|
|
||||||
This parameter controls the HTML template file returned when an
|
The HTML template file returned when an error occurs for which no
|
||||||
error occurs for which no specific error file has been set.
|
specific error file has been set. Enclose in double quotes.
|
||||||
|
|
||||||
=item B<StatHost>
|
=item B<StatHost>
|
||||||
|
|
||||||
This configures the host name or IP address that is treated
|
The host name or IP address that is treated as the `stat host`.
|
||||||
as the `stat host`: Whenever a request for this host is received,
|
Enclose in double quotes. Whenever Tinyproxy receives a request for
|
||||||
Tinyproxy will return an internal statistics page instead of
|
the `stat host` it returns an internal statistics page instead of
|
||||||
forwarding the request to that host. The template for this
|
forwarding the request to that host. The template for this page can be
|
||||||
page can be configured with the `StatFile` configuration option.
|
configured with the `StatFile` configuration option. The default value
|
||||||
The default value of `StatHost` is `@TINYPROXY_STATHOST@`.
|
of `StatHost` is `@TINYPROXY_STATHOST@`.
|
||||||
|
|
||||||
=item B<StatFile>
|
=item B<StatFile>
|
||||||
|
|
||||||
This configures the HTML file that Tinyproxy sends when
|
The HTML file that Tinyproxy sends in response to a request for the
|
||||||
a request for the stathost is received. If this parameter is
|
`stat host`. Enclose in double quotes. If this parameter is not set,
|
||||||
not set, Tinyproxy returns a hard-coded basic statistics page.
|
Tinyproxy returns a hard-coded basic statistics page. See the STATHOST
|
||||||
See the STATHOST section in the L<tinyproxy(8)> manual page
|
section in the L<tinyproxy(8)> manual page for details.
|
||||||
for details.
|
|
||||||
|
|
||||||
Note that the StatFile and the error files configured with ErrorFile
|
Note that the StatFile and the error files configured with ErrorFile
|
||||||
and DefaultErrorFile are template files that can contain a few
|
and DefaultErrorFile are template files that can contain a few
|
||||||
@ -109,9 +109,9 @@ manual page contains a description of all template variables.
|
|||||||
|
|
||||||
=item B<LogFile>
|
=item B<LogFile>
|
||||||
|
|
||||||
This controls the location of the file to which Tinyproxy
|
The location of the file to which Tinyproxy writes its debug output.
|
||||||
writes its debug output. Alternatively, Tinyproxy can log
|
Enclose in double quotes. Alternatively, Tinyproxy can log to syslog
|
||||||
to syslog -- see the Syslog option.
|
-- see the Syslog option.
|
||||||
|
|
||||||
=item B<Syslog>
|
=item B<Syslog>
|
||||||
|
|
||||||
@ -144,8 +144,8 @@ and below would be suppressed. Allowed values are:
|
|||||||
|
|
||||||
=item B<PidFile>
|
=item B<PidFile>
|
||||||
|
|
||||||
This option controls the location of the file where the main
|
The location of the file where the main Tinyproxy process stores its
|
||||||
Tinyproxy process stores its process ID for signaling purposes.
|
process ID for signaling purposes. Enclose in double quotes.
|
||||||
|
|
||||||
=item B<XTinyproxy>
|
=item B<XTinyproxy>
|
||||||
|
|
||||||
@ -173,12 +173,20 @@ turns on the upstream proxy for the sites matching `site_spec`.
|
|||||||
|
|
||||||
`type` can be one of `http`, `socks4`, `socks5`, `none`.
|
`type` can be one of `http`, `socks4`, `socks5`, `none`.
|
||||||
|
|
||||||
|
a `site_spec` is either a full domain name, a domain name starting with a
|
||||||
|
`.`, in which case it is treated as a suffix, or an ip/mask tuple.
|
||||||
|
the `site_spec` needs to be double-quoted.
|
||||||
|
|
||||||
=item * I<upstream none "site_spec">
|
=item * I<upstream none "site_spec">
|
||||||
turns off upstream support for sites matching `site_spec`, that means the
|
turns off upstream support for sites matching `site_spec`, that means the
|
||||||
connection is done directly.
|
connection is done directly.
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
|
It's recommended to use raw IP addresses to specify the upstream host, so
|
||||||
|
no costly DNS lookup has to be done everytime it is used.
|
||||||
|
IPv6 addresses need to be enclosed in square brackets.
|
||||||
|
|
||||||
The site can be specified in various forms as a hostname, domain
|
The site can be specified in various forms as a hostname, domain
|
||||||
name or as an IP range:
|
name or as an IP range:
|
||||||
|
|
||||||
@ -235,6 +243,14 @@ access is only granted for authenticated users.
|
|||||||
|
|
||||||
BasicAuth user password
|
BasicAuth user password
|
||||||
|
|
||||||
|
=item B<BasicAuthRealm>
|
||||||
|
|
||||||
|
In case "BasicAuth" is configured, the "realm" information.
|
||||||
|
"Proxy Authentication Required" status http 407 "error-response" can be
|
||||||
|
customized.
|
||||||
|
|
||||||
|
- defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
|
||||||
|
|
||||||
=item B<AddHeader>
|
=item B<AddHeader>
|
||||||
|
|
||||||
Configure one or more HTTP request headers to be added to outgoing
|
Configure one or more HTTP request headers to be added to outgoing
|
||||||
@ -250,7 +266,8 @@ RFC 2616 requires proxies to add a `Via` header to the HTTP
|
|||||||
requests, but using the real host name can be a security
|
requests, but using the real host name can be a security
|
||||||
concern. If the `ViaProxyname` option is present, then its
|
concern. If the `ViaProxyname` option is present, then its
|
||||||
string value will be used as the host name in the Via header.
|
string value will be used as the host name in the Via header.
|
||||||
Otherwise, the server's host name will be used.
|
Otherwise, the server's host name will be used. Enclose in double
|
||||||
|
quotes.
|
||||||
|
|
||||||
=item B<DisableViaHeader>
|
=item B<DisableViaHeader>
|
||||||
|
|
||||||
@ -267,7 +284,7 @@ domains. This option specifies the location of the file
|
|||||||
containing the filter rules, one rule per line.
|
containing the filter rules, one rule per line.
|
||||||
|
|
||||||
Rules are specified as POSIX basic regular expressions (BRE), unless
|
Rules are specified as POSIX basic regular expressions (BRE), unless
|
||||||
FilterExtended is activated.
|
another FilterType is specified.
|
||||||
Comment lines start with a `#` character.
|
Comment lines start with a `#` character.
|
||||||
|
|
||||||
Example filter file contents:
|
Example filter file contents:
|
||||||
@ -287,6 +304,20 @@ Example filter file contents:
|
|||||||
# filter any domain that starts with adserver
|
# filter any domain that starts with adserver
|
||||||
^adserver
|
^adserver
|
||||||
|
|
||||||
|
=item B<FilterType>
|
||||||
|
|
||||||
|
This option can be set to one of `bre`, `ere`, or `fnmatch`.
|
||||||
|
If `bre` is set, the rules specified in the filter file are matched
|
||||||
|
using POSIX basic regular expressions, when set to `ere`, using
|
||||||
|
POSIX extended regular expressions, and when set to `fnmatch` using
|
||||||
|
the `fnmatch` function as specified in the manpage `man 3p fnmatch`.
|
||||||
|
`fnmatch` matching is identical to what's used in the shell to match
|
||||||
|
filenames, so for example `*.google.com` matches everything that
|
||||||
|
ends with `.google.com`.
|
||||||
|
If you don't know what regular expressions are or you're using filter
|
||||||
|
lists from 3rd party sources, `fnmatch` is probably what you want.
|
||||||
|
It's also the fastest matching method of the three.
|
||||||
|
|
||||||
=item B<FilterURLs>
|
=item B<FilterURLs>
|
||||||
|
|
||||||
If this boolean option is set to `Yes` or `On`, filtering is
|
If this boolean option is set to `Yes` or `On`, filtering is
|
||||||
@ -300,6 +331,7 @@ recommended not to use this option.
|
|||||||
|
|
||||||
=item B<FilterExtended>
|
=item B<FilterExtended>
|
||||||
|
|
||||||
|
Deprecated. Use `FilterType ere` instead.
|
||||||
If this boolean option is set to `Yes`, then extended POSIX
|
If this boolean option is set to `Yes`, then extended POSIX
|
||||||
regular expressions are used for matching the filter rules.
|
regular expressions are used for matching the filter rules.
|
||||||
The default is to use basic POSIX regular expressions.
|
The default is to use basic POSIX regular expressions.
|
||||||
@ -308,7 +340,11 @@ The default is to use basic POSIX regular expressions.
|
|||||||
|
|
||||||
If this boolean option is set to `Yes`, then the filter rules
|
If this boolean option is set to `Yes`, then the filter rules
|
||||||
are matched in a case sensitive manner. The default is to
|
are matched in a case sensitive manner. The default is to
|
||||||
match case-insensitively.
|
match case-insensitively, unfortunately.
|
||||||
|
If you set this to `Yes`, then your matching will be almost
|
||||||
|
twice as fast.
|
||||||
|
This setting affects only `bre` and `ere` FilterTypes, fnmatch
|
||||||
|
is always case sensitive.
|
||||||
|
|
||||||
=item B<FilterDefaultDeny>
|
=item B<FilterDefaultDeny>
|
||||||
|
|
||||||
@ -325,7 +361,7 @@ If an `Anonymous` keyword is present, then anonymous proxying
|
|||||||
is enabled. The headers listed with `Anonymous` are allowed
|
is enabled. The headers listed with `Anonymous` are allowed
|
||||||
through, while all others are denied. If no Anonymous keyword
|
through, while all others are denied. If no Anonymous keyword
|
||||||
is present, then all headers are allowed through. You must
|
is present, then all headers are allowed through. You must
|
||||||
include quotes around the headers.
|
include double quotes around the headers.
|
||||||
|
|
||||||
Most sites require cookies to be enabled for them to work correctly, so
|
Most sites require cookies to be enabled for them to work correctly, so
|
||||||
you will need to allow cookies through if you access those sites.
|
you will need to allow cookies through if you access those sites.
|
||||||
@ -396,7 +432,7 @@ This manpage was written by the Tinyproxy project team.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright (c) 1998-2020 the Tinyproxy authors.
|
Copyright (c) 1998-2024 the Tinyproxy authors.
|
||||||
|
|
||||||
This program is distributed under the terms of the GNU General Public
|
This program is distributed under the terms of the GNU General Public
|
||||||
License version 2 or above. See the COPYING file for additional
|
License version 2 or above. See the COPYING file for additional
|
||||||
|
@ -9,6 +9,17 @@ M_NAME=TINYPROXY
|
|||||||
man_MANS = \
|
man_MANS = \
|
||||||
$(MAN8_FILES:.txt=.8)
|
$(MAN8_FILES:.txt=.8)
|
||||||
|
|
||||||
|
edit = sed \
|
||||||
|
-e 's|@localstatedir[@]|$(localstatedir)|g' \
|
||||||
|
-e 's|@runstatedir[@]|$(runstatedir)|g' \
|
||||||
|
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
|
||||||
|
-e 's|@TINYPROXY_STATHOST[@]|$(TINYPROXY_STATHOST)|g'
|
||||||
|
|
||||||
|
tinyproxy.txt: $(top_srcdir)/docs/man8/tinyproxy.txt.in Makefile
|
||||||
|
@rm -f $@ $@.tmp
|
||||||
|
$(AM_V_GEN) $(edit) $(top_srcdir)/docs/man8/$@.in > $@.tmp
|
||||||
|
@mv $@.tmp $@
|
||||||
|
|
||||||
.txt.8:
|
.txt.8:
|
||||||
if HAVE_POD2MAN
|
if HAVE_POD2MAN
|
||||||
$(AM_V_GEN) $(POD2MAN) --center="Tinyproxy manual" \
|
$(AM_V_GEN) $(POD2MAN) --center="Tinyproxy manual" \
|
||||||
|
@ -156,7 +156,11 @@ configuration variable `StatFile`.
|
|||||||
|
|
||||||
=head1 FILES
|
=head1 FILES
|
||||||
|
|
||||||
`/etc/tinyproxy/tinyproxy.conf`, `/var/run/tinyproxy/tinyproxy.pid`, `/var/log/tinyproxy/tinyproxy.log`
|
F<@sysconfdir@/tinyproxy/tinyproxy.conf>
|
||||||
|
|
||||||
|
F<@runstatedir@/tinyproxy/tinyproxy.pid>
|
||||||
|
|
||||||
|
F<@localstatedir@/log/tinyproxy/tinyproxy.log>
|
||||||
|
|
||||||
=head1 BUGS
|
=head1 BUGS
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li>Feel free to report a new bug or suggest features via github issues.</li>
|
<li>Feel free to report a new bug or suggest features via github issues.</li>
|
||||||
<li>Tinyproxy developers hang out in #tinyproxy on irc.freenode.net.</li>
|
<li>Tinyproxy developers hang out in #tinyproxy on irc.libera.chat.</li>
|
||||||
</ul>
|
</ul>
|
||||||
</section>
|
</section>
|
||||||
</div>
|
</div>
|
||||||
|
@ -41,25 +41,27 @@
|
|||||||
|
|
||||||
<p>Tinyproxy requires only a <strong>minimal POSIX environment</strong> to build and operate. It can use additional libraries to add functionality though.</p>
|
<p>Tinyproxy requires only a <strong>minimal POSIX environment</strong> to build and operate. It can use additional libraries to add functionality though.</p>
|
||||||
|
|
||||||
<p>Tinyproxy allows forwarding of <strong>HTTPS connections</strong> without modifying traffic in any way through the <code>CONNECT</code> method (see the <code>ConnectPort</code> directive).</p>
|
<p>Tinyproxy allows forwarding of <strong>HTTPS connections</strong> without modifying traffic in any way through the <code>CONNECT</code> method (see the <code>ConnectPort</code> directive, which you should disable, unless you want to restrict the users).</p>
|
||||||
|
|
||||||
<p>Tinyproxy supports being configured as a <strong>transparent proxy</strong>, so that a proxy can be used without requiring any client-side configuration. You can also use it as a <strong>reverse proxy</strong> front-end to your websites.</p>
|
<p>Tinyproxy supports being configured as a <strong>transparent proxy</strong>, so that a proxy can be used without requiring any client-side configuration. You can also use it as a <strong>reverse proxy</strong> front-end to your websites.</p>
|
||||||
|
|
||||||
<p>Using the <code>AddHeader</code> directive, you can <strong>add/insert HTTP headers</strong> to outgoing traffic.</p>
|
<p>Using the <code>AddHeader</code> directive, you can <strong>add/insert HTTP headers</strong> to outgoing traffic (HTTP only).</p>
|
||||||
|
|
||||||
<p>If you're looking to build a custom web proxy, Tinyproxy is <strong>easy to modify</strong> to your custom needs. The source is straightforward, adhering to the KISS principle. As such, it can be used as a foundation for anything you may need a web proxy to do.</p>
|
<p>If you're looking to build a custom web proxy, Tinyproxy is <strong>easy to modify</strong> to your custom needs. The source is straightforward, adhering to the KISS principle. As such, it can be used as a foundation for anything you may need a web proxy to do.</p>
|
||||||
|
|
||||||
<p>Tinyproxy has <strong>privacy features</strong> which can let you configure which HTTP headers should be allowed through, and which should be blocked. This allows you to restrict both what data comes to your web browser from the HTTP server (e.g., cookies), and to restrict what data is allowed through from your web browser to the HTTP server (e.g., version information).</p>
|
<p>Tinyproxy has <strong>privacy features</strong> which can let you configure which HTTP headers should be allowed through, and which should be blocked. This allows you to restrict both what data comes to your web browser from the HTTP server (e.g., cookies), and to restrict what data is allowed through from your web browser to the HTTP server (e.g., version information). Note that these features do not affect HTTPS connections.</p>
|
||||||
|
|
||||||
<p>Using the <strong>remote monitoring</strong> facility, you can access proxy statistics from afar, letting you know exactly how busy the proxy is.</p>
|
<p>Using the <strong>remote monitoring</strong> facility, you can access proxy statistics from afar, letting you know exactly how busy the proxy is.</p>
|
||||||
|
|
||||||
<p>You can configure Tinyproxy to <strong>control access</strong> by only allowing requests from a certain subnet, or from a certain interface, thus ensuring that random, unauthorized people will not be using your proxy.</p>
|
<p>You can configure Tinyproxy to <strong>control access</strong> by only allowing requests from a certain subnet, or from a certain interface, thus ensuring that random, unauthorized people will not be using your proxy.</p>
|
||||||
|
|
||||||
<p>With a bit of configuration (specifically, making Tinyproxy created files owned by a non-root user and running it on a port greater than 1024), Tinyproxy can be made to run without any special privileges, thus minimizing the chance of system compromise. Furthermore, it was designed with an eye towards preventing buffer overflows. The simplicity of the code ensures it remains easy to spot such bugs.</p>
|
<p>With a bit of configuration (specifically, making Tinyproxy created files owned by a non-root user and running it on a port greater than 1024), Tinyproxy can be made to run without any special privileges, thus minimizing the chance of system compromise. In fact, it is <b>recommended</b> to run it as a regular/restricted user. Furthermore, it was designed with an eye towards preventing buffer overflows. The simplicity of the code ensures it remains easy to spot such bugs.</p>
|
||||||
|
|
||||||
<h2>
|
<h2>
|
||||||
<a id="downloads" class="anchor" href="#downloads" aria-hidden="true"><span class="octicon octicon-link"></span></a>Downloads</h2>
|
<a id="downloads" class="anchor" href="#downloads" aria-hidden="true"><span class="octicon octicon-link"></span></a>Downloads</h2>
|
||||||
|
|
||||||
|
<p>Note that many distributions ship horribly outdated versions of tinyproxy, therefore it is recommended to compile it from source.</p>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li>On Red Hat Enterprise Linux, or its derivatives such as CentOS, install Tinyproxy from the EPEL repository by running yum install tinyproxy.</li>
|
<li>On Red Hat Enterprise Linux, or its derivatives such as CentOS, install Tinyproxy from the EPEL repository by running yum install tinyproxy.</li>
|
||||||
<li>On Fedora, install Tinyproxy by running yum install tinyproxy.</li>
|
<li>On Fedora, install Tinyproxy by running yum install tinyproxy.</li>
|
||||||
@ -70,7 +72,7 @@
|
|||||||
<li>Mac OS X users can check MacPorts to see if the Tinyproxy port there is recent enough.</li>
|
<li>Mac OS X users can check MacPorts to see if the Tinyproxy port there is recent enough.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<p>If you feel that the Tinyproxy binary package in your operating system is not recent, please contact the package maintainer for that particular operating system. If this fails, you can always compile the latest stable version from source code.</p>
|
<p>If you feel that the Tinyproxy binary package in your operating system is not recent (likely), please contact the package maintainer for that particular operating system. If this fails, you can always compile the latest stable, or even better, the latest git master version, from source code.</p>
|
||||||
|
|
||||||
<p>We distribute Tinyproxy in source code form, and it has to be compiled in order to be used on your system. Please see the INSTALL file in the source code tree for build instructions. The current stable version of Tinyproxy is available on the <a href="https://github.com/tinyproxy/tinyproxy/releases">releases page</a>. The Tinyproxy NEWS file contains the release notes. You can verify the tarball using its PGP signature. You can also browse the older releases of Tinyproxy.</p>
|
<p>We distribute Tinyproxy in source code form, and it has to be compiled in order to be used on your system. Please see the INSTALL file in the source code tree for build instructions. The current stable version of Tinyproxy is available on the <a href="https://github.com/tinyproxy/tinyproxy/releases">releases page</a>. The Tinyproxy NEWS file contains the release notes. You can verify the tarball using its PGP signature. You can also browse the older releases of Tinyproxy.</p>
|
||||||
|
|
||||||
@ -78,5 +80,19 @@
|
|||||||
|
|
||||||
<p>git clone <a href="https://github.com/tinyproxy/tinyproxy.git">https://github.com/tinyproxy/tinyproxy.git</a></p>
|
<p>git clone <a href="https://github.com/tinyproxy/tinyproxy.git">https://github.com/tinyproxy/tinyproxy.git</a></p>
|
||||||
|
|
||||||
|
<h2>
|
||||||
|
<a id="quickstart" class="anchor" href="#quickstart" aria-hidden="true"><span class="octicon octicon-link"></span></a>Quickstart</h2>
|
||||||
|
|
||||||
|
<p>The quickest way to get started is using a minimal config file like the below:</p>
|
||||||
|
|
||||||
|
<pre><code>
|
||||||
|
Port 8888
|
||||||
|
Listen 127.0.0.1
|
||||||
|
Timeout 600
|
||||||
|
Allow 127.0.0.1
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>And then simply run <code>tinyproxy -d -c tinyproxy.conf</code> as your current user. This starts tinyproxy in foreground mode with <code>tinyproxy.conf</code> as its config, while logging to stdout. Now, all programs supporting a HTTP proxy can use 127.0.0.1:8888 as a proxy. You can try it out using <code>http_proxy=127.0.0.1:8888 curl example.com</code>.</p>
|
||||||
|
|
||||||
<h2>
|
<h2>
|
||||||
<a id="documentation" class="anchor" href="#documentation" aria-hidden="true"><span class="octicon octicon-link"></span></a>Documentation</h2>
|
<a id="documentation" class="anchor" href="#documentation" aria-hidden="true"><span class="octicon octicon-link"></span></a>Documentation</h2>
|
||||||
|
@ -12,6 +12,7 @@ edit = sed \
|
|||||||
-e 's|@datarootdir[@]|$(datarootdir)|g' \
|
-e 's|@datarootdir[@]|$(datarootdir)|g' \
|
||||||
-e 's|@pkgsysconfdir[@]|$(pkgsysconfdir)|g' \
|
-e 's|@pkgsysconfdir[@]|$(pkgsysconfdir)|g' \
|
||||||
-e 's|@localstatedir[@]|$(localstatedir)|g' \
|
-e 's|@localstatedir[@]|$(localstatedir)|g' \
|
||||||
|
-e 's|@runstatedir[@]|$(runstatedir)|g' \
|
||||||
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
|
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
|
||||||
-e 's|@prefix[@]|$(prefix)|g' \
|
-e 's|@prefix[@]|$(prefix)|g' \
|
||||||
-e 's|@TINYPROXY_STATHOST[@]|$(TINYPROXY_STATHOST)|g'
|
-e 's|@TINYPROXY_STATHOST[@]|$(TINYPROXY_STATHOST)|g'
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
##
|
##
|
||||||
## This example tinyproxy.conf file contains example settings
|
## This example tinyproxy.conf file contains example settings
|
||||||
## with explanations in comments. For decriptions of all
|
## with explanations in comments. For decriptions of all
|
||||||
## parameters, see the tinproxy.conf(5) manual page.
|
## parameters, see the tinyproxy.conf(5) manual page.
|
||||||
##
|
##
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -56,8 +56,8 @@ Timeout 600
|
|||||||
# /usr/share/tinyproxy
|
# /usr/share/tinyproxy
|
||||||
# /etc/tinyproxy
|
# /etc/tinyproxy
|
||||||
#
|
#
|
||||||
#ErrorFile 404 "@pkgdatadir@/404.html"
|
|
||||||
#ErrorFile 400 "@pkgdatadir@/400.html"
|
#ErrorFile 400 "@pkgdatadir@/400.html"
|
||||||
|
#ErrorFile 502 "@pkgdatadir@/502.html"
|
||||||
#ErrorFile 503 "@pkgdatadir@/503.html"
|
#ErrorFile 503 "@pkgdatadir@/503.html"
|
||||||
#ErrorFile 403 "@pkgdatadir@/403.html"
|
#ErrorFile 403 "@pkgdatadir@/403.html"
|
||||||
#ErrorFile 408 "@pkgdatadir@/408.html"
|
#ErrorFile 408 "@pkgdatadir@/408.html"
|
||||||
@ -124,7 +124,7 @@ LogLevel Info
|
|||||||
# can be used for signalling purposes.
|
# can be used for signalling purposes.
|
||||||
# If not specified, no pidfile will be written.
|
# If not specified, no pidfile will be written.
|
||||||
#
|
#
|
||||||
#PidFile "@localstatedir@/run/tinyproxy/tinyproxy.pid"
|
#PidFile "@runstatedir@/tinyproxy/tinyproxy.pid"
|
||||||
|
|
||||||
#
|
#
|
||||||
# XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
|
# XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
|
||||||
@ -205,6 +205,13 @@ Allow ::1
|
|||||||
# users.
|
# users.
|
||||||
#BasicAuth user password
|
#BasicAuth user password
|
||||||
|
|
||||||
|
# BasicAuthRealm : In case BasicAuth is configured, the "realm" information.
|
||||||
|
# "Proxy Authentication Required" status http 407 "error-response" can be
|
||||||
|
# customized.
|
||||||
|
#
|
||||||
|
# - defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
|
||||||
|
#BasicAuthRealm "Tinyproxy"
|
||||||
|
|
||||||
#
|
#
|
||||||
# AddHeader: Adds the specified headers to outgoing HTTP requests that
|
# AddHeader: Adds the specified headers to outgoing HTTP requests that
|
||||||
# Tinyproxy makes. Note that this option will not work for HTTPS
|
# Tinyproxy makes. Note that this option will not work for HTTPS
|
||||||
@ -240,10 +247,9 @@ ViaProxyName "tinyproxy"
|
|||||||
#FilterURLs On
|
#FilterURLs On
|
||||||
|
|
||||||
#
|
#
|
||||||
# FilterExtended: Use POSIX Extended regular expressions rather than
|
# FilterType: Use bre (default), ere, or fnmatch for filtering.
|
||||||
# basic.
|
|
||||||
#
|
#
|
||||||
#FilterExtended On
|
#FilterType fnmatch
|
||||||
|
|
||||||
#
|
#
|
||||||
# FilterCaseSensitive: Use case sensitive regular expressions.
|
# FilterCaseSensitive: Use case sensitive regular expressions.
|
||||||
@ -321,6 +327,3 @@ ViaProxyName "tinyproxy"
|
|||||||
# If not set then no rewriting occurs.
|
# If not set then no rewriting occurs.
|
||||||
#
|
#
|
||||||
#ReverseBaseURL "http://localhost:8888/"
|
#ReverseBaseURL "http://localhost:8888/"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -67,5 +67,5 @@ conf-tokens-gperf.inc: conf-tokens.gperf
|
|||||||
$(GPERF) $< > $@
|
$(GPERF) $< > $@
|
||||||
endif
|
endif
|
||||||
|
|
||||||
EXTRA_DIST = conf-tokens.gperf
|
EXTRA_DIST = conf-tokens.gperf conf-tokens-gperf.inc
|
||||||
|
|
||||||
|
@ -81,7 +81,7 @@ void child_main_loop (void)
|
|||||||
int connfd;
|
int connfd;
|
||||||
union sockaddr_union cliaddr_storage;
|
union sockaddr_union cliaddr_storage;
|
||||||
struct sockaddr *cliaddr = (void*) &cliaddr_storage;
|
struct sockaddr *cliaddr = (void*) &cliaddr_storage;
|
||||||
socklen_t clilen = sizeof(cliaddr_storage);
|
socklen_t clilen;
|
||||||
int nfds = sblist_getsize(listen_fds);
|
int nfds = sblist_getsize(listen_fds);
|
||||||
pollfd_struct *fds = safecalloc(nfds, sizeof *fds);
|
pollfd_struct *fds = safecalloc(nfds, sizeof *fds);
|
||||||
ssize_t i;
|
ssize_t i;
|
||||||
@ -167,6 +167,7 @@ void child_main_loop (void)
|
|||||||
* Continue handling this connection.
|
* Continue handling this connection.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
clilen = sizeof(cliaddr_storage);
|
||||||
connfd = accept (listenfd, cliaddr, &clilen);
|
connfd = accept (listenfd, cliaddr, &clilen);
|
||||||
|
|
||||||
|
|
||||||
|
@ -34,6 +34,7 @@ config_directive_find (register const char *str, register size_t len)
|
|||||||
{"defaulterrorfile", CD_defaulterrorfile},
|
{"defaulterrorfile", CD_defaulterrorfile},
|
||||||
{"startservers", CD_startservers},
|
{"startservers", CD_startservers},
|
||||||
{"filtercasesensitive", CD_filtercasesensitive},
|
{"filtercasesensitive", CD_filtercasesensitive},
|
||||||
|
{"filtertype", CD_filtertype},
|
||||||
{"filterurls", CD_filterurls},
|
{"filterurls", CD_filterurls},
|
||||||
{"filter", CD_filter},
|
{"filter", CD_filter},
|
||||||
{"reversemagic", CD_reversemagic},
|
{"reversemagic", CD_reversemagic},
|
||||||
@ -56,6 +57,7 @@ config_directive_find (register const char *str, register size_t len)
|
|||||||
{"connectport", CD_connectport},
|
{"connectport", CD_connectport},
|
||||||
{"logfile", CD_logfile},
|
{"logfile", CD_logfile},
|
||||||
{"basicauth", CD_basicauth},
|
{"basicauth", CD_basicauth},
|
||||||
|
{"basicauthrealm", CD_basicauthrealm},
|
||||||
{"addheader", CD_addheader},
|
{"addheader", CD_addheader},
|
||||||
{"maxrequestsperchild", CD_maxrequestsperchild}
|
{"maxrequestsperchild", CD_maxrequestsperchild}
|
||||||
};
|
};
|
||||||
|
@ -44,6 +44,7 @@ allow, CD_allow
|
|||||||
deny, CD_deny
|
deny, CD_deny
|
||||||
bind, CD_bind
|
bind, CD_bind
|
||||||
basicauth, CD_basicauth
|
basicauth, CD_basicauth
|
||||||
|
basicauthrealm, CD_basicauthrealm
|
||||||
errorfile, CD_errorfile
|
errorfile, CD_errorfile
|
||||||
addheader, CD_addheader
|
addheader, CD_addheader
|
||||||
filter, CD_filter
|
filter, CD_filter
|
||||||
@ -51,6 +52,7 @@ filterurls, CD_filterurls
|
|||||||
filterextended, CD_filterextended
|
filterextended, CD_filterextended
|
||||||
filterdefaultdeny, CD_filterdefaultdeny
|
filterdefaultdeny, CD_filterdefaultdeny
|
||||||
filtercasesensitive, CD_filtercasesensitive
|
filtercasesensitive, CD_filtercasesensitive
|
||||||
|
filtertype, CD_filtertype
|
||||||
reversebaseurl, CD_reversebaseurl
|
reversebaseurl, CD_reversebaseurl
|
||||||
reverseonly, CD_reverseonly
|
reverseonly, CD_reverseonly
|
||||||
reversemagic, CD_reversemagic
|
reversemagic, CD_reversemagic
|
||||||
|
@ -29,10 +29,12 @@ CD_allow,
|
|||||||
CD_deny,
|
CD_deny,
|
||||||
CD_bind,
|
CD_bind,
|
||||||
CD_basicauth,
|
CD_basicauth,
|
||||||
|
CD_basicauthrealm,
|
||||||
CD_errorfile,
|
CD_errorfile,
|
||||||
CD_addheader,
|
CD_addheader,
|
||||||
CD_filter,
|
CD_filter,
|
||||||
CD_filterurls,
|
CD_filterurls,
|
||||||
|
CD_filtertype,
|
||||||
CD_filterextended,
|
CD_filterextended,
|
||||||
CD_filterdefaultdeny,
|
CD_filterdefaultdeny,
|
||||||
CD_filtercasesensitive,
|
CD_filtercasesensitive,
|
||||||
|
77
src/conf.c
77
src/conf.c
@ -66,9 +66,10 @@
|
|||||||
#define PASSWORD "([^@]*)"
|
#define PASSWORD "([^@]*)"
|
||||||
#define IP "((([0-9]{1,3})\\.){3}[0-9]{1,3})"
|
#define IP "((([0-9]{1,3})\\.){3}[0-9]{1,3})"
|
||||||
#define IPMASK "(" IP "(/" DIGIT "+)?)"
|
#define IPMASK "(" IP "(/" DIGIT "+)?)"
|
||||||
|
#define IPV6SCOPE "((%[^ \t\\/]{1,16})?)"
|
||||||
#define IPV6 "(" \
|
#define IPV6 "(" \
|
||||||
"(([0-9a-f:]{2,39}))|" \
|
"([0-9a-f:]{2,39})" IPV6SCOPE "|" \
|
||||||
"(([0-9a-f:]{0,29}:" IP "))" \
|
"([0-9a-f:]{0,29}:" IP ")" IPV6SCOPE \
|
||||||
")"
|
")"
|
||||||
|
|
||||||
#define IPV6MASK "(" IPV6 "(/" DIGIT "+)?)"
|
#define IPV6MASK "(" IPV6 "(/" DIGIT "+)?)"
|
||||||
@ -80,7 +81,7 @@
|
|||||||
* number. Given the usual structure of the configuration file, sixteen
|
* number. Given the usual structure of the configuration file, sixteen
|
||||||
* substring matches should be plenty.
|
* substring matches should be plenty.
|
||||||
*/
|
*/
|
||||||
#define RE_MAX_MATCHES 24
|
#define RE_MAX_MATCHES 33
|
||||||
|
|
||||||
#define CP_WARN(FMT, ...) \
|
#define CP_WARN(FMT, ...) \
|
||||||
log_message (LOG_WARNING, "line %lu: " FMT, lineno, __VA_ARGS__)
|
log_message (LOG_WARNING, "line %lu: " FMT, lineno, __VA_ARGS__)
|
||||||
@ -121,6 +122,7 @@ static HANDLE_FUNC (handle_disabled_feature)
|
|||||||
|
|
||||||
static HANDLE_FUNC (handle_allow);
|
static HANDLE_FUNC (handle_allow);
|
||||||
static HANDLE_FUNC (handle_basicauth);
|
static HANDLE_FUNC (handle_basicauth);
|
||||||
|
static HANDLE_FUNC (handle_basicauthrealm);
|
||||||
static HANDLE_FUNC (handle_anonymous);
|
static HANDLE_FUNC (handle_anonymous);
|
||||||
static HANDLE_FUNC (handle_bind);
|
static HANDLE_FUNC (handle_bind);
|
||||||
static HANDLE_FUNC (handle_bindsame);
|
static HANDLE_FUNC (handle_bindsame);
|
||||||
@ -135,6 +137,7 @@ static HANDLE_FUNC (handle_filtercasesensitive);
|
|||||||
static HANDLE_FUNC (handle_filterdefaultdeny);
|
static HANDLE_FUNC (handle_filterdefaultdeny);
|
||||||
static HANDLE_FUNC (handle_filterextended);
|
static HANDLE_FUNC (handle_filterextended);
|
||||||
static HANDLE_FUNC (handle_filterurls);
|
static HANDLE_FUNC (handle_filterurls);
|
||||||
|
static HANDLE_FUNC (handle_filtertype);
|
||||||
#endif
|
#endif
|
||||||
static HANDLE_FUNC (handle_group);
|
static HANDLE_FUNC (handle_group);
|
||||||
static HANDLE_FUNC (handle_listen);
|
static HANDLE_FUNC (handle_listen);
|
||||||
@ -191,6 +194,7 @@ struct {
|
|||||||
regex_t *cre;
|
regex_t *cre;
|
||||||
} directives[] = {
|
} directives[] = {
|
||||||
/* string arguments */
|
/* string arguments */
|
||||||
|
STDCONF (basicauthrealm, STR, handle_basicauthrealm),
|
||||||
STDCONF (logfile, STR, handle_logfile),
|
STDCONF (logfile, STR, handle_logfile),
|
||||||
STDCONF (pidfile, STR, handle_pidfile),
|
STDCONF (pidfile, STR, handle_pidfile),
|
||||||
STDCONF (anonymous, STR, handle_anonymous),
|
STDCONF (anonymous, STR, handle_anonymous),
|
||||||
@ -223,7 +227,7 @@ struct {
|
|||||||
handle_deny),
|
handle_deny),
|
||||||
STDCONF (bind, "(" IP "|" IPV6 ")", handle_bind),
|
STDCONF (bind, "(" IP "|" IPV6 ")", handle_bind),
|
||||||
/* other */
|
/* other */
|
||||||
STDCONF (basicauth, ALNUM WS ALNUM, handle_basicauth),
|
STDCONF (basicauth, USERNAME WS PASSWORD, handle_basicauth),
|
||||||
STDCONF (errorfile, INT WS STR, handle_errorfile),
|
STDCONF (errorfile, INT WS STR, handle_errorfile),
|
||||||
STDCONF (addheader, STR WS STR, handle_addheader),
|
STDCONF (addheader, STR WS STR, handle_addheader),
|
||||||
|
|
||||||
@ -234,6 +238,7 @@ struct {
|
|||||||
STDCONF (filterextended, BOOL, handle_filterextended),
|
STDCONF (filterextended, BOOL, handle_filterextended),
|
||||||
STDCONF (filterdefaultdeny, BOOL, handle_filterdefaultdeny),
|
STDCONF (filterdefaultdeny, BOOL, handle_filterdefaultdeny),
|
||||||
STDCONF (filtercasesensitive, BOOL, handle_filtercasesensitive),
|
STDCONF (filtercasesensitive, BOOL, handle_filtercasesensitive),
|
||||||
|
STDCONF (filtertype, "(bre|ere|fnmatch)", handle_filtertype),
|
||||||
#endif
|
#endif
|
||||||
#ifdef REVERSE_SUPPORT
|
#ifdef REVERSE_SUPPORT
|
||||||
/* Reverse proxy arguments */
|
/* Reverse proxy arguments */
|
||||||
@ -247,7 +252,7 @@ struct {
|
|||||||
"(" "(none)" WS STR ")|" \
|
"(" "(none)" WS STR ")|" \
|
||||||
"(" "(http|socks4|socks5)" WS \
|
"(" "(http|socks4|socks5)" WS \
|
||||||
"(" USERNAME /*username*/ ":" PASSWORD /*password*/ "@" ")?"
|
"(" USERNAME /*username*/ ":" PASSWORD /*password*/ "@" ")?"
|
||||||
"(" IP "|" ALNUM ")"
|
"(" IP "|" "\\[(" IPV6 ")\\]" "|" ALNUM ")"
|
||||||
":" INT "(" WS STR ")?" ")", handle_upstream),
|
":" INT "(" WS STR ")?" ")", handle_upstream),
|
||||||
#endif
|
#endif
|
||||||
/* loglevel */
|
/* loglevel */
|
||||||
@ -291,6 +296,7 @@ void free_config (struct config_s *conf)
|
|||||||
char *k;
|
char *k;
|
||||||
htab_value *v;
|
htab_value *v;
|
||||||
size_t it;
|
size_t it;
|
||||||
|
safefree (conf->basicauth_realm);
|
||||||
safefree (conf->logf_name);
|
safefree (conf->logf_name);
|
||||||
safefree (conf->stathost);
|
safefree (conf->stathost);
|
||||||
safefree (conf->user);
|
safefree (conf->user);
|
||||||
@ -425,7 +431,7 @@ static int config_parse (struct config_s *conf, FILE * f)
|
|||||||
while(isspace(*p))p++;
|
while(isspace(*p))p++;
|
||||||
if(!*p) continue;
|
if(!*p) continue;
|
||||||
q = p;
|
q = p;
|
||||||
while(!isspace(*q))q++;
|
while(*q && !isspace(*q))q++;
|
||||||
c = *q;
|
c = *q;
|
||||||
*q = 0;
|
*q = 0;
|
||||||
e = config_directive_find(p, strlen(p));
|
e = config_directive_find(p, strlen(p));
|
||||||
@ -478,6 +484,7 @@ static void initialize_config_defaults (struct config_s *conf)
|
|||||||
* (FIXME: Should have a better API for all this)
|
* (FIXME: Should have a better API for all this)
|
||||||
*/
|
*/
|
||||||
conf->errorpages = NULL;
|
conf->errorpages = NULL;
|
||||||
|
conf->basicauth_realm = safestrdup (PACKAGE_NAME);
|
||||||
conf->stathost = safestrdup (TINYPROXY_STATHOST);
|
conf->stathost = safestrdup (TINYPROXY_STATHOST);
|
||||||
conf->idletimeout = MAX_IDLE_TIME;
|
conf->idletimeout = MAX_IDLE_TIME;
|
||||||
conf->logf_name = NULL;
|
conf->logf_name = NULL;
|
||||||
@ -631,6 +638,11 @@ set_int_arg (unsigned int *var, const char *line, regmatch_t * match)
|
|||||||
*
|
*
|
||||||
***********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
|
static HANDLE_FUNC (handle_basicauthrealm)
|
||||||
|
{
|
||||||
|
return set_string_arg (&conf->basicauth_realm, line, &match[2]);
|
||||||
|
}
|
||||||
|
|
||||||
static HANDLE_FUNC (handle_logfile)
|
static HANDLE_FUNC (handle_logfile)
|
||||||
{
|
{
|
||||||
return set_string_arg (&conf->logf_name, line, &match[2]);
|
return set_string_arg (&conf->logf_name, line, &match[2]);
|
||||||
@ -707,6 +719,8 @@ static HANDLE_FUNC (handle_xtinyproxy)
|
|||||||
#ifdef XTINYPROXY_ENABLE
|
#ifdef XTINYPROXY_ENABLE
|
||||||
return set_bool_arg (&conf->add_xtinyproxy, line, &match[2]);
|
return set_bool_arg (&conf->add_xtinyproxy, line, &match[2]);
|
||||||
#else
|
#else
|
||||||
|
if(!get_bool_arg(line, &match[2]))
|
||||||
|
return 0;
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
"XTinyproxy NOT Enabled! Recompile with --enable-xtinyproxy\n");
|
"XTinyproxy NOT Enabled! Recompile with --enable-xtinyproxy\n");
|
||||||
return 1;
|
return 1;
|
||||||
@ -950,6 +964,11 @@ static HANDLE_FUNC (handle_basicauth)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef FILTER_ENABLE
|
#ifdef FILTER_ENABLE
|
||||||
|
|
||||||
|
static void warn_deprecated(const char *arg, unsigned long lineno) {
|
||||||
|
CP_WARN ("deprecated option %s", arg);
|
||||||
|
}
|
||||||
|
|
||||||
static HANDLE_FUNC (handle_filter)
|
static HANDLE_FUNC (handle_filter)
|
||||||
{
|
{
|
||||||
return set_string_arg (&conf->filter, line, &match[2]);
|
return set_string_arg (&conf->filter, line, &match[2]);
|
||||||
@ -957,26 +976,53 @@ static HANDLE_FUNC (handle_filter)
|
|||||||
|
|
||||||
static HANDLE_FUNC (handle_filterurls)
|
static HANDLE_FUNC (handle_filterurls)
|
||||||
{
|
{
|
||||||
return set_bool_arg (&conf->filter_url, line, &match[2]);
|
conf->filter_opts |=
|
||||||
|
get_bool_arg (line, &match[2]) * FILTER_OPT_URL;
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static HANDLE_FUNC (handle_filterextended)
|
static HANDLE_FUNC (handle_filterextended)
|
||||||
{
|
{
|
||||||
return set_bool_arg (&conf->filter_extended, line, &match[2]);
|
warn_deprecated("FilterExtended, use FilterType", lineno);
|
||||||
|
conf->filter_opts |=
|
||||||
|
get_bool_arg (line, &match[2]) * FILTER_OPT_TYPE_ERE;
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static HANDLE_FUNC (handle_filterdefaultdeny)
|
static HANDLE_FUNC (handle_filterdefaultdeny)
|
||||||
{
|
{
|
||||||
assert (match[2].rm_so != -1);
|
assert (match[2].rm_so != -1);
|
||||||
|
conf->filter_opts |=
|
||||||
if (get_bool_arg (line, &match[2]))
|
get_bool_arg (line, &match[2]) * FILTER_OPT_DEFAULT_DENY;
|
||||||
filter_set_default_policy (FILTER_DEFAULT_DENY);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static HANDLE_FUNC (handle_filtercasesensitive)
|
static HANDLE_FUNC (handle_filtercasesensitive)
|
||||||
{
|
{
|
||||||
return set_bool_arg (&conf->filter_casesensitive, line, &match[2]);
|
conf->filter_opts |=
|
||||||
|
get_bool_arg (line, &match[2]) * FILTER_OPT_CASESENSITIVE;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static HANDLE_FUNC (handle_filtertype)
|
||||||
|
{
|
||||||
|
static const struct { unsigned short flag; char type[8]; }
|
||||||
|
ftmap[] = {
|
||||||
|
{FILTER_OPT_TYPE_ERE, "ere"},
|
||||||
|
{FILTER_OPT_TYPE_BRE, "bre"},
|
||||||
|
{FILTER_OPT_TYPE_FNMATCH, "fnmatch"},
|
||||||
|
};
|
||||||
|
char *type;
|
||||||
|
unsigned i;
|
||||||
|
type = get_string_arg(line, &match[2]);
|
||||||
|
if (!type) return -1;
|
||||||
|
|
||||||
|
for(i=0;i<sizeof(ftmap)/sizeof(ftmap[0]);++i)
|
||||||
|
if(!strcasecmp(ftmap[i].type, type))
|
||||||
|
conf->filter_opts |= ftmap[i].flag;
|
||||||
|
|
||||||
|
safefree (type);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1078,10 +1124,13 @@ static HANDLE_FUNC (handle_upstream)
|
|||||||
pass = get_string_arg (line, &match[mi]);
|
pass = get_string_arg (line, &match[mi]);
|
||||||
mi++;
|
mi++;
|
||||||
|
|
||||||
ip = get_string_arg (line, &match[mi]);
|
if (match[mi+4].rm_so != -1) /* IPv6 address in square brackets */
|
||||||
|
ip = get_string_arg (line, &match[mi+4]);
|
||||||
|
else
|
||||||
|
ip = get_string_arg (line, &match[mi]);
|
||||||
if (!ip)
|
if (!ip)
|
||||||
return -1;
|
return -1;
|
||||||
mi += 5;
|
mi += 16;
|
||||||
|
|
||||||
port = (int) get_long_arg (line, &match[mi]);
|
port = (int) get_long_arg (line, &match[mi]);
|
||||||
mi += 3;
|
mi += 3;
|
||||||
|
@ -39,6 +39,7 @@ typedef struct {
|
|||||||
*/
|
*/
|
||||||
struct config_s {
|
struct config_s {
|
||||||
sblist *basicauth_list;
|
sblist *basicauth_list;
|
||||||
|
char *basicauth_realm;
|
||||||
char *logf_name;
|
char *logf_name;
|
||||||
unsigned int syslog; /* boolean */
|
unsigned int syslog; /* boolean */
|
||||||
unsigned int port;
|
unsigned int port;
|
||||||
@ -50,9 +51,7 @@ struct config_s {
|
|||||||
sblist *listen_addrs;
|
sblist *listen_addrs;
|
||||||
#ifdef FILTER_ENABLE
|
#ifdef FILTER_ENABLE
|
||||||
char *filter;
|
char *filter;
|
||||||
unsigned int filter_url; /* boolean */
|
unsigned int filter_opts; /* enum filter_options */
|
||||||
unsigned int filter_extended; /* boolean */
|
|
||||||
unsigned int filter_casesensitive; /* boolean */
|
|
||||||
#endif /* FILTER_ENABLE */
|
#endif /* FILTER_ENABLE */
|
||||||
#ifdef XTINYPROXY_ENABLE
|
#ifdef XTINYPROXY_ENABLE
|
||||||
unsigned int add_xtinyproxy; /* boolean */
|
unsigned int add_xtinyproxy; /* boolean */
|
||||||
|
59
src/filter.c
59
src/filter.c
@ -25,6 +25,7 @@
|
|||||||
#include "main.h"
|
#include "main.h"
|
||||||
|
|
||||||
#include <regex.h>
|
#include <regex.h>
|
||||||
|
#include <fnmatch.h>
|
||||||
#include "filter.h"
|
#include "filter.h"
|
||||||
#include "heap.h"
|
#include "heap.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
@ -37,15 +38,17 @@
|
|||||||
static int err;
|
static int err;
|
||||||
|
|
||||||
struct filter_list {
|
struct filter_list {
|
||||||
regex_t cpatb;
|
union {
|
||||||
|
regex_t cpatb;
|
||||||
|
char *pattern;
|
||||||
|
} u;
|
||||||
};
|
};
|
||||||
|
|
||||||
static sblist *fl = NULL;
|
static sblist *fl = NULL;
|
||||||
static int already_init = 0;
|
static int already_init = 0;
|
||||||
static filter_policy_t default_policy = FILTER_DEFAULT_ALLOW;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initializes a linked list of strings containing hosts/urls to be filtered
|
* Initializes a list of strings containing hosts/urls to be filtered
|
||||||
*/
|
*/
|
||||||
void filter_init (void)
|
void filter_init (void)
|
||||||
{
|
{
|
||||||
@ -66,10 +69,8 @@ void filter_init (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
cflags = REG_NEWLINE | REG_NOSUB;
|
cflags = REG_NEWLINE | REG_NOSUB;
|
||||||
if (config->filter_extended)
|
cflags |= (REG_EXTENDED * !!(config->filter_opts & FILTER_OPT_TYPE_ERE));
|
||||||
cflags |= REG_EXTENDED;
|
cflags |= (REG_ICASE * !(config->filter_opts & FILTER_OPT_CASESENSITIVE));
|
||||||
if (!config->filter_casesensitive)
|
|
||||||
cflags |= REG_ICASE;
|
|
||||||
|
|
||||||
while (fgets (buf, FILTER_BUFFER_LEN, fd)) {
|
while (fgets (buf, FILTER_BUFFER_LEN, fd)) {
|
||||||
++lineno;
|
++lineno;
|
||||||
@ -107,13 +108,19 @@ void filter_init (void)
|
|||||||
if (!fl) fl = sblist_new(sizeof(struct filter_list),
|
if (!fl) fl = sblist_new(sizeof(struct filter_list),
|
||||||
4096/sizeof(struct filter_list));
|
4096/sizeof(struct filter_list));
|
||||||
|
|
||||||
err = regcomp (&fe.cpatb, s, cflags);
|
if (config->filter_opts & FILTER_OPT_TYPE_FNMATCH) {
|
||||||
if (err != 0) {
|
fe.u.pattern = safestrdup(s);
|
||||||
if (err == REG_ESPACE) goto oom;
|
if (!fe.u.pattern) goto oom;
|
||||||
fprintf (stderr,
|
} else {
|
||||||
"Bad regex in %s: line %d - %s\n",
|
|
||||||
config->filter, lineno, s);
|
err = regcomp (&fe.u.cpatb, s, cflags);
|
||||||
exit (EX_DATAERR);
|
if (err != 0) {
|
||||||
|
if (err == REG_ESPACE) goto oom;
|
||||||
|
fprintf (stderr,
|
||||||
|
"Bad regex in %s: line %d - %s\n",
|
||||||
|
config->filter, lineno, s);
|
||||||
|
exit (EX_DATAERR);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!sblist_add(fl, &fe)) {
|
if (!sblist_add(fl, &fe)) {
|
||||||
oom:;
|
oom:;
|
||||||
@ -142,7 +149,10 @@ void filter_destroy (void)
|
|||||||
if (fl) {
|
if (fl) {
|
||||||
for (i = 0; i < sblist_getsize(fl); ++i) {
|
for (i = 0; i < sblist_getsize(fl); ++i) {
|
||||||
p = sblist_get(fl, i);
|
p = sblist_get(fl, i);
|
||||||
regfree (&p->cpatb);
|
if (config->filter_opts & FILTER_OPT_TYPE_FNMATCH)
|
||||||
|
safefree(p->u.pattern);
|
||||||
|
else
|
||||||
|
regfree (&p->u.cpatb);
|
||||||
}
|
}
|
||||||
sblist_free(fl);
|
sblist_free(fl);
|
||||||
}
|
}
|
||||||
@ -175,11 +185,14 @@ int filter_run (const char *str)
|
|||||||
|
|
||||||
for (i = 0; i < sblist_getsize(fl); ++i) {
|
for (i = 0; i < sblist_getsize(fl); ++i) {
|
||||||
p = sblist_get(fl, i);
|
p = sblist_get(fl, i);
|
||||||
result =
|
if (config->filter_opts & FILTER_OPT_TYPE_FNMATCH)
|
||||||
regexec (&p->cpatb, str, (size_t) 0, (regmatch_t *) 0, 0);
|
result = fnmatch (p->u.pattern, str, 0);
|
||||||
|
else
|
||||||
|
result =
|
||||||
|
regexec (&p->u.cpatb, str, (size_t) 0, (regmatch_t *) 0, 0);
|
||||||
|
|
||||||
if (result == 0) {
|
if (result == 0) {
|
||||||
if (default_policy == FILTER_DEFAULT_ALLOW)
|
if (!(config->filter_opts & FILTER_OPT_DEFAULT_DENY))
|
||||||
return 1;
|
return 1;
|
||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
@ -187,16 +200,8 @@ int filter_run (const char *str)
|
|||||||
}
|
}
|
||||||
|
|
||||||
COMMON_EXIT:
|
COMMON_EXIT:
|
||||||
if (default_policy == FILTER_DEFAULT_ALLOW)
|
if (!(config->filter_opts & FILTER_OPT_DEFAULT_DENY))
|
||||||
return 0;
|
return 0;
|
||||||
else
|
else
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Set the default filtering policy
|
|
||||||
*/
|
|
||||||
void filter_set_default_policy (filter_policy_t policy)
|
|
||||||
{
|
|
||||||
default_policy = policy;
|
|
||||||
}
|
|
||||||
|
18
src/filter.h
18
src/filter.h
@ -21,16 +21,22 @@
|
|||||||
#ifndef _TINYPROXY_FILTER_H_
|
#ifndef _TINYPROXY_FILTER_H_
|
||||||
#define _TINYPROXY_FILTER_H_
|
#define _TINYPROXY_FILTER_H_
|
||||||
|
|
||||||
typedef enum {
|
enum filter_options {
|
||||||
FILTER_DEFAULT_ALLOW,
|
FILTER_OPT_CASESENSITIVE = 1 << 0,
|
||||||
FILTER_DEFAULT_DENY
|
FILTER_OPT_URL = 1 << 1,
|
||||||
} filter_policy_t;
|
FILTER_OPT_DEFAULT_DENY = 1 << 2,
|
||||||
|
|
||||||
|
FILTER_OPT_TYPE_BRE = 1 << 8,
|
||||||
|
FILTER_OPT_TYPE_ERE = 1 << 9,
|
||||||
|
FILTER_OPT_TYPE_FNMATCH = 1 << 10,
|
||||||
|
};
|
||||||
|
|
||||||
|
#define FILTER_TYPE_MASK \
|
||||||
|
(FILTER_OPT_TYPE_BRE | FILTER_OPT_TYPE_ERE | FILTER_OPT_TYPE_FNMATCH)
|
||||||
|
|
||||||
extern void filter_init (void);
|
extern void filter_init (void);
|
||||||
extern void filter_destroy (void);
|
extern void filter_destroy (void);
|
||||||
extern void filter_reload (void);
|
extern void filter_reload (void);
|
||||||
extern int filter_run (const char *str);
|
extern int filter_run (const char *str);
|
||||||
|
|
||||||
extern void filter_set_default_policy (filter_policy_t policy);
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -3,6 +3,15 @@
|
|||||||
#include "heap.h"
|
#include "heap.h"
|
||||||
#include "network.h"
|
#include "network.h"
|
||||||
|
|
||||||
|
static int dotted_mask(char *bitmask_string, unsigned char array[])
|
||||||
|
{
|
||||||
|
unsigned char v4bits[4];
|
||||||
|
if (1 != inet_pton (AF_INET, bitmask_string, v4bits)) return -1;
|
||||||
|
memset (array, 0xff, IPV6_LEN-4);
|
||||||
|
memcpy (array + IPV6_LEN-4, v4bits, 4);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Fills in the netmask array given a numeric value.
|
* Fills in the netmask array given a numeric value.
|
||||||
*
|
*
|
||||||
@ -13,13 +22,17 @@
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
fill_netmask_array (char *bitmask_string, int v6,
|
fill_netmask_array (char *bitmask_string, int v6,
|
||||||
unsigned char array[], size_t len)
|
unsigned char array[])
|
||||||
{
|
{
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
unsigned long int mask;
|
unsigned long int mask;
|
||||||
char *endptr;
|
char *endptr;
|
||||||
|
|
||||||
errno = 0; /* to distinguish success/failure after call */
|
errno = 0; /* to distinguish success/failure after call */
|
||||||
|
if (strchr (bitmask_string, '.')) {
|
||||||
|
if (v6) return -1; /* ipv6 doesn't supported dotted netmasks */
|
||||||
|
return dotted_mask(bitmask_string, array);
|
||||||
|
}
|
||||||
mask = strtoul (bitmask_string, &endptr, 10);
|
mask = strtoul (bitmask_string, &endptr, 10);
|
||||||
|
|
||||||
/* check for various conversion errors */
|
/* check for various conversion errors */
|
||||||
@ -35,11 +48,11 @@ fill_netmask_array (char *bitmask_string, int v6,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check valid range for a bit mask */
|
/* check valid range for a bit mask */
|
||||||
if (mask > (8 * len))
|
if (mask > (8 * IPV6_LEN))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
/* we have a valid range to fill in the array */
|
/* we have a valid range to fill in the array */
|
||||||
for (i = 0; i != len; ++i) {
|
for (i = 0; i != IPV6_LEN; ++i) {
|
||||||
if (mask >= 8) {
|
if (mask >= 8) {
|
||||||
array[i] = 0xff;
|
array[i] = 0xff;
|
||||||
mask -= 8;
|
mask -= 8;
|
||||||
@ -88,7 +101,7 @@ int hostspec_parse(char *location, struct hostspec *h) {
|
|||||||
v6 = 0;
|
v6 = 0;
|
||||||
|
|
||||||
if (fill_netmask_array
|
if (fill_netmask_array
|
||||||
(mask, v6, &(h->address.ip.mask[0]), IPV6_LEN)
|
(mask, v6, &(h->address.ip.mask[0]))
|
||||||
< 0)
|
< 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
@ -80,9 +80,10 @@ static int resize(struct htab *htab, size_t nel)
|
|||||||
{
|
{
|
||||||
size_t newsize;
|
size_t newsize;
|
||||||
size_t i, j;
|
size_t i, j;
|
||||||
|
size_t oldmask = htab->mask;
|
||||||
struct elem *e, *newe;
|
struct elem *e, *newe;
|
||||||
struct elem *oldtab = htab->elems;
|
struct elem *oldtab = htab->elems;
|
||||||
struct elem *oldend = htab->elems + htab->mask + 1;
|
struct elem *oldend;
|
||||||
|
|
||||||
if (nel > MAXSIZE)
|
if (nel > MAXSIZE)
|
||||||
nel = MAXSIZE;
|
nel = MAXSIZE;
|
||||||
@ -95,6 +96,8 @@ static int resize(struct htab *htab, size_t nel)
|
|||||||
htab->mask = newsize - 1;
|
htab->mask = newsize - 1;
|
||||||
if (!oldtab)
|
if (!oldtab)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
oldend = oldtab + oldmask + 1;
|
||||||
for (e = oldtab; e < oldend; e++)
|
for (e = oldtab; e < oldend; e++)
|
||||||
if (e->item.key) {
|
if (e->item.key) {
|
||||||
for (i=e->hash,j=1; ; i+=j++) {
|
for (i=e->hash,j=1; ; i+=j++) {
|
||||||
|
@ -30,6 +30,7 @@
|
|||||||
#include "network.h"
|
#include "network.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
#include <regex.h>
|
#include <regex.h>
|
||||||
|
|
||||||
@ -139,14 +140,14 @@ int send_http_headers (
|
|||||||
{
|
{
|
||||||
const char headers[] =
|
const char headers[] =
|
||||||
"HTTP/1.%u %d %s\r\n"
|
"HTTP/1.%u %d %s\r\n"
|
||||||
"Server: %s/%s\r\n"
|
"Server: %s\r\n"
|
||||||
"Content-Type: text/html\r\n"
|
"Content-Type: text/html\r\n"
|
||||||
"%s"
|
"%s"
|
||||||
"Connection: close\r\n" "\r\n";
|
"Connection: close\r\n" "\r\n";
|
||||||
|
|
||||||
return (write_message (connptr->client_fd, headers,
|
return (write_message (connptr->client_fd, headers,
|
||||||
connptr->protocol.major != 1 ? 0 : connptr->protocol.minor,
|
connptr->protocol.major != 1 ? 0 : connptr->protocol.minor,
|
||||||
code, message, PACKAGE, VERSION,
|
code, message, PACKAGE,
|
||||||
extra));
|
extra));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -168,33 +169,47 @@ int send_http_error_message (struct conn_s *connptr)
|
|||||||
"<h1>%s</h1>\n"
|
"<h1>%s</h1>\n"
|
||||||
"<p>%s</p>\n"
|
"<p>%s</p>\n"
|
||||||
"<hr />\n"
|
"<hr />\n"
|
||||||
"<p><em>Generated by %s version %s.</em></p>\n" "</body>\n"
|
"<p><em>Generated by %s.</em></p>\n" "</body>\n"
|
||||||
"</html>\n";
|
"</html>\n";
|
||||||
|
|
||||||
const char p_auth_str[] =
|
|
||||||
"Proxy-Authenticate: Basic realm=\""
|
|
||||||
PACKAGE_NAME "\"\r\n";
|
|
||||||
|
|
||||||
const char w_auth_str[] =
|
|
||||||
"WWW-Authenticate: Basic realm=\""
|
|
||||||
PACKAGE_NAME "\"\r\n";
|
|
||||||
|
|
||||||
/* according to rfc7235, the 407 error must be accompanied by
|
/* according to rfc7235, the 407 error must be accompanied by
|
||||||
a Proxy-Authenticate header field. */
|
a Proxy-Authenticate header field. */
|
||||||
const char *add = connptr->error_number == 407 ? p_auth_str :
|
const char *auth_str_type =
|
||||||
(connptr->error_number == 401 ? w_auth_str : "");
|
connptr->error_number == 407 ? "Proxy-Authenticate" :
|
||||||
|
(connptr->error_number == 401 ? "WWW-Authenticate" : "");
|
||||||
|
|
||||||
|
const char auth_str_tpl[] = "%s: Basic realm=\"%s\"\r\n";
|
||||||
|
char* auth_str_add = NULL;
|
||||||
|
|
||||||
|
if (auth_str_type[0] != 0) {
|
||||||
|
int auth_str_size = snprintf (NULL, 0, auth_str_tpl,
|
||||||
|
auth_str_type, config->basicauth_realm) + 1;
|
||||||
|
if (auth_str_size > 0) {
|
||||||
|
auth_str_add = safemalloc (auth_str_size);
|
||||||
|
if (auth_str_add != NULL) {
|
||||||
|
snprintf (auth_str_add, auth_str_size, auth_str_tpl,
|
||||||
|
auth_str_type, config->basicauth_realm);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
send_http_headers (connptr, connptr->error_number,
|
send_http_headers (connptr, connptr->error_number,
|
||||||
connptr->error_string, add);
|
connptr->error_string, auth_str_add ? auth_str_add : "");
|
||||||
|
|
||||||
|
if (auth_str_add) safefree (auth_str_add);
|
||||||
|
|
||||||
error_file = get_html_file (connptr->error_number);
|
error_file = get_html_file (connptr->error_number);
|
||||||
if (!(infile = fopen (error_file, "r"))) {
|
if (!error_file || !(infile = fopen (error_file, "r"))) {
|
||||||
char *detail = lookup_variable (connptr->error_variables, "detail");
|
char *detail;
|
||||||
|
if (error_file) log_message (LOG_ERR,
|
||||||
|
"Error opening error file '%s' (%s)",
|
||||||
|
error_file, strerror (errno));
|
||||||
|
detail = lookup_variable (connptr->error_variables, "detail");
|
||||||
return (write_message (connptr->client_fd, fallback_error,
|
return (write_message (connptr->client_fd, fallback_error,
|
||||||
connptr->error_number,
|
connptr->error_number,
|
||||||
connptr->error_string,
|
connptr->error_string,
|
||||||
connptr->error_string,
|
connptr->error_string,
|
||||||
detail, PACKAGE, VERSION));
|
detail, PACKAGE));
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = send_html_file (infile, connptr);
|
ret = send_html_file (infile, connptr);
|
||||||
|
21
src/main.c
21
src/main.c
@ -254,27 +254,28 @@ change_user (const char *program)
|
|||||||
*/
|
*/
|
||||||
int reload_config (int reload_logging)
|
int reload_config (int reload_logging)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret, ret2;
|
||||||
struct config_s *c_next = get_next_config();
|
struct config_s *c_next = get_next_config();
|
||||||
|
|
||||||
log_message (LOG_NOTICE, "Reloading config file");
|
log_message (LOG_NOTICE, "Reloading config file (%s)", config_file);
|
||||||
|
|
||||||
if (reload_logging) shutdown_logging ();
|
if (reload_logging) shutdown_logging ();
|
||||||
|
|
||||||
ret = reload_config_file (config_file, c_next);
|
ret = reload_config_file (config_file, c_next);
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret == 0) {
|
||||||
goto done;
|
if(config) free_config (config);
|
||||||
|
config = c_next;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(config) free_config (config);
|
ret2 = reload_logging ? setup_logging () : 0;
|
||||||
config = c_next;
|
|
||||||
|
|
||||||
if (reload_logging) ret = setup_logging ();
|
if (ret != 0)
|
||||||
log_message (LOG_NOTICE, "Reloading config file finished");
|
log_message (LOG_WARNING, "Reloading config file failed!");
|
||||||
|
else
|
||||||
|
log_message (LOG_NOTICE, "Reloading config file finished");
|
||||||
|
|
||||||
done:
|
return ret ? ret : ret2;
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void setup_sig(int sig, signal_func *sigh,
|
static void setup_sig(int sig, signal_func *sigh,
|
||||||
|
260
src/reqs.c
260
src/reqs.c
@ -301,21 +301,16 @@ establish_http_connection (struct conn_s *connptr, struct request_s *request)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* These two defines are for the SSL tunnelling.
|
* Send the appropriate response to the client to establish a
|
||||||
|
* connection via CONNECT method.
|
||||||
*/
|
*/
|
||||||
#define SSL_CONNECTION_RESPONSE "HTTP/1.0 200 Connection established"
|
static int send_connect_method_response (struct conn_s *connptr)
|
||||||
#define PROXY_AGENT "Proxy-agent: " PACKAGE "/" VERSION
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Send the appropriate response to the client to establish a SSL
|
|
||||||
* connection.
|
|
||||||
*/
|
|
||||||
static int send_ssl_response (struct conn_s *connptr)
|
|
||||||
{
|
{
|
||||||
return write_message (connptr->client_fd,
|
return write_message (connptr->client_fd,
|
||||||
"%s\r\n"
|
"HTTP/1.%u 200 Connection established\r\n"
|
||||||
"%s\r\n"
|
"Proxy-agent: " PACKAGE "\r\n"
|
||||||
"\r\n", SSL_CONNECTION_RESPONSE, PROXY_AGENT);
|
"\r\n", connptr->protocol.major != 1 ? 0 :
|
||||||
|
connptr->protocol.minor);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -327,9 +322,11 @@ static struct request_s *process_request (struct conn_s *connptr,
|
|||||||
{
|
{
|
||||||
char *url;
|
char *url;
|
||||||
struct request_s *request;
|
struct request_s *request;
|
||||||
int ret;
|
int ret, skip_trans;
|
||||||
size_t request_len;
|
size_t request_len;
|
||||||
|
|
||||||
|
skip_trans = 0;
|
||||||
|
|
||||||
/* NULL out all the fields so frees don't cause segfaults. */
|
/* NULL out all the fields so frees don't cause segfaults. */
|
||||||
request =
|
request =
|
||||||
(struct request_s *) safecalloc (1, sizeof (struct request_s));
|
(struct request_s *) safecalloc (1, sizeof (struct request_s));
|
||||||
@ -346,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* zero-terminate the strings so they don't contain junk in error page */
|
||||||
|
request->method[0] = url[0] = request->protocol[0] = 0;
|
||||||
|
|
||||||
ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
|
ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
|
||||||
request->method, url, request->protocol);
|
request->method, url, request->protocol);
|
||||||
|
|
||||||
if (ret == 2 && !strcasecmp (request->method, "GET")) {
|
if (ret == 2 && !strcasecmp (request->method, "GET")) {
|
||||||
request->protocol[0] = 0;
|
request->protocol[0] = 0;
|
||||||
|
|
||||||
@ -402,6 +403,7 @@ BAD_REQUEST_ERROR:
|
|||||||
}
|
}
|
||||||
safefree (url);
|
safefree (url);
|
||||||
url = reverse_url;
|
url = reverse_url;
|
||||||
|
skip_trans = 1;
|
||||||
} else if (config->reverseonly) {
|
} else if (config->reverseonly) {
|
||||||
log_message (LOG_ERR,
|
log_message (LOG_ERR,
|
||||||
"Bad request, no mapping for '%s' found",
|
"Bad request, no mapping for '%s' found",
|
||||||
@ -451,11 +453,13 @@ BAD_REQUEST_ERROR:
|
|||||||
connptr->connect_method = TRUE;
|
connptr->connect_method = TRUE;
|
||||||
} else {
|
} else {
|
||||||
#ifdef TRANSPARENT_PROXY
|
#ifdef TRANSPARENT_PROXY
|
||||||
if (!do_transparent_proxy
|
if (!skip_trans) {
|
||||||
(connptr, hashofheaders, request, config, &url)) {
|
if (!do_transparent_proxy
|
||||||
goto fail;
|
(connptr, hashofheaders, request, config, &url))
|
||||||
}
|
goto fail;
|
||||||
#else
|
} else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
indicate_http_error (connptr, 501, "Not Implemented",
|
indicate_http_error (connptr, 501, "Not Implemented",
|
||||||
"detail",
|
"detail",
|
||||||
"Unknown method or unsupported protocol.",
|
"Unknown method or unsupported protocol.",
|
||||||
@ -463,7 +467,7 @@ BAD_REQUEST_ERROR:
|
|||||||
log_message (LOG_INFO, "Unknown method (%s) or protocol (%s)",
|
log_message (LOG_INFO, "Unknown method (%s) or protocol (%s)",
|
||||||
request->method, url);
|
request->method, url);
|
||||||
goto fail;
|
goto fail;
|
||||||
#endif
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef FILTER_ENABLE
|
#ifdef FILTER_ENABLE
|
||||||
@ -471,22 +475,16 @@ BAD_REQUEST_ERROR:
|
|||||||
* Filter restricted domains/urls
|
* Filter restricted domains/urls
|
||||||
*/
|
*/
|
||||||
if (config->filter) {
|
if (config->filter) {
|
||||||
if (config->filter_url)
|
int fu = config->filter_opts & FILTER_OPT_URL;
|
||||||
ret = filter_run (url);
|
ret = filter_run (fu ? url : request->host);
|
||||||
else
|
|
||||||
ret = filter_run (request->host);
|
|
||||||
|
|
||||||
if (ret) {
|
if (ret) {
|
||||||
update_stats (STAT_DENIED);
|
update_stats (STAT_DENIED);
|
||||||
|
|
||||||
if (config->filter_url)
|
log_message (LOG_NOTICE,
|
||||||
log_message (LOG_NOTICE,
|
"Proxying refused on filtered %s \"%s\"",
|
||||||
"Proxying refused on filtered url \"%s\"",
|
fu ? "url" : "domain",
|
||||||
url);
|
fu ? url : request->host);
|
||||||
else
|
|
||||||
log_message (LOG_NOTICE,
|
|
||||||
"Proxying refused on filtered domain \"%s\"",
|
|
||||||
request->host);
|
|
||||||
|
|
||||||
indicate_http_error (connptr, 403, "Filtered",
|
indicate_http_error (connptr, 403, "Filtered",
|
||||||
"detail",
|
"detail",
|
||||||
@ -523,7 +521,7 @@ fail:
|
|||||||
* server headers can be processed.
|
* server headers can be processed.
|
||||||
* - rjkaes
|
* - rjkaes
|
||||||
*/
|
*/
|
||||||
static int pull_client_data (struct conn_s *connptr, long int length)
|
static int pull_client_data (struct conn_s *connptr, long int length, int iehack)
|
||||||
{
|
{
|
||||||
char *buffer;
|
char *buffer;
|
||||||
ssize_t len;
|
ssize_t len;
|
||||||
@ -548,39 +546,75 @@ static int pull_client_data (struct conn_s *connptr, long int length)
|
|||||||
length -= len;
|
length -= len;
|
||||||
} while (length > 0);
|
} while (length > 0);
|
||||||
|
|
||||||
/*
|
if (iehack) {
|
||||||
* BUG FIX: Internet Explorer will leave two bytes (carriage
|
/*
|
||||||
* return and line feed) at the end of a POST message. These
|
* BUG FIX: Internet Explorer will leave two bytes (carriage
|
||||||
* need to be eaten for tinyproxy to work correctly.
|
* return and line feed) at the end of a POST message. These
|
||||||
*/
|
* need to be eaten for tinyproxy to work correctly.
|
||||||
ret = socket_nonblocking (connptr->client_fd);
|
*/
|
||||||
if (ret != 0) {
|
ret = socket_nonblocking (connptr->client_fd);
|
||||||
log_message(LOG_ERR, "Failed to set the client socket "
|
if (ret != 0) {
|
||||||
"to non-blocking: %s", strerror(errno));
|
log_message(LOG_ERR, "Failed to set the client socket "
|
||||||
goto ERROR_EXIT;
|
"to non-blocking: %s", strerror(errno));
|
||||||
}
|
goto ERROR_EXIT;
|
||||||
|
|
||||||
len = recv (connptr->client_fd, buffer, 2, MSG_PEEK);
|
|
||||||
|
|
||||||
ret = socket_blocking (connptr->client_fd);
|
|
||||||
if (ret != 0) {
|
|
||||||
log_message(LOG_ERR, "Failed to set the client socket "
|
|
||||||
"to blocking: %s", strerror(errno));
|
|
||||||
goto ERROR_EXIT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (len < 0 && errno != EAGAIN)
|
|
||||||
goto ERROR_EXIT;
|
|
||||||
|
|
||||||
if ((len == 2) && CHECK_CRLF (buffer, len)) {
|
|
||||||
ssize_t bytes_read;
|
|
||||||
|
|
||||||
bytes_read = read (connptr->client_fd, buffer, 2);
|
|
||||||
if (bytes_read == -1) {
|
|
||||||
log_message
|
|
||||||
(LOG_WARNING,
|
|
||||||
"Could not read two bytes from POST message");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
len = recv (connptr->client_fd, buffer, 2, MSG_PEEK);
|
||||||
|
|
||||||
|
ret = socket_blocking (connptr->client_fd);
|
||||||
|
if (ret != 0) {
|
||||||
|
log_message(LOG_ERR, "Failed to set the client socket "
|
||||||
|
"to blocking: %s", strerror(errno));
|
||||||
|
goto ERROR_EXIT;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (len < 0 && errno != EAGAIN)
|
||||||
|
goto ERROR_EXIT;
|
||||||
|
|
||||||
|
if ((len == 2) && CHECK_CRLF (buffer, len)) {
|
||||||
|
ssize_t bytes_read;
|
||||||
|
|
||||||
|
bytes_read = read (connptr->client_fd, buffer, 2);
|
||||||
|
if (bytes_read == -1) {
|
||||||
|
log_message
|
||||||
|
(LOG_WARNING,
|
||||||
|
"Could not read two bytes from POST message");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
safefree (buffer);
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
ERROR_EXIT:
|
||||||
|
safefree (buffer);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* pull chunked client data */
|
||||||
|
static int pull_client_data_chunked (struct conn_s *connptr) {
|
||||||
|
char *buffer = 0;
|
||||||
|
ssize_t len;
|
||||||
|
long chunklen;
|
||||||
|
|
||||||
|
while(1) {
|
||||||
|
if (buffer) safefree(buffer);
|
||||||
|
len = readline (connptr->client_fd, &buffer);
|
||||||
|
|
||||||
|
if (len <= 0)
|
||||||
|
goto ERROR_EXIT;
|
||||||
|
|
||||||
|
if (!connptr->error_variables) {
|
||||||
|
if (safe_write (connptr->server_fd, buffer, len) < 0)
|
||||||
|
goto ERROR_EXIT;
|
||||||
|
}
|
||||||
|
|
||||||
|
chunklen = strtol (buffer, (char**)0, 16);
|
||||||
|
|
||||||
|
if (pull_client_data (connptr, chunklen+2, 0) < 0)
|
||||||
|
goto ERROR_EXIT;
|
||||||
|
|
||||||
|
if(!chunklen) break;
|
||||||
}
|
}
|
||||||
|
|
||||||
safefree (buffer);
|
safefree (buffer);
|
||||||
@ -745,7 +779,7 @@ static int remove_connection_headers (orderedmap hashofheaders)
|
|||||||
char *data;
|
char *data;
|
||||||
char *ptr;
|
char *ptr;
|
||||||
ssize_t len;
|
ssize_t len;
|
||||||
int i;
|
int i,j,df;
|
||||||
|
|
||||||
for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) {
|
for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) {
|
||||||
/* Look for the connection header. If it's not found, return. */
|
/* Look for the connection header. If it's not found, return. */
|
||||||
@ -770,7 +804,12 @@ static int remove_connection_headers (orderedmap hashofheaders)
|
|||||||
*/
|
*/
|
||||||
ptr = data;
|
ptr = data;
|
||||||
while (ptr < data + len) {
|
while (ptr < data + len) {
|
||||||
orderedmap_remove (hashofheaders, ptr);
|
df = 0;
|
||||||
|
/* check that ptr isn't one of headers to prevent
|
||||||
|
double-free (CVE-2023-49606) */
|
||||||
|
for (j = 0; j != (sizeof (headers) / sizeof (char *)); ++j)
|
||||||
|
if(!strcasecmp(ptr, headers[j])) df = 1;
|
||||||
|
if (!df) orderedmap_remove (hashofheaders, ptr);
|
||||||
|
|
||||||
/* Advance ptr to the next token */
|
/* Advance ptr to the next token */
|
||||||
ptr += strlen (ptr) + 1;
|
ptr += strlen (ptr) + 1;
|
||||||
@ -787,7 +826,7 @@ static int remove_connection_headers (orderedmap hashofheaders)
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* If there is a Content-Length header, then return the value; otherwise, return
|
* If there is a Content-Length header, then return the value; otherwise, return
|
||||||
* a negative number.
|
* -1.
|
||||||
*/
|
*/
|
||||||
static long get_content_length (orderedmap hashofheaders)
|
static long get_content_length (orderedmap hashofheaders)
|
||||||
{
|
{
|
||||||
@ -802,6 +841,13 @@ static long get_content_length (orderedmap hashofheaders)
|
|||||||
return content_length;
|
return content_length;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int is_chunked_transfer (orderedmap hashofheaders)
|
||||||
|
{
|
||||||
|
char *data;
|
||||||
|
data = orderedmap_find (hashofheaders, "transfer-encoding");
|
||||||
|
return data ? !strcmp (data, "chunked") : 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Search for Via header in a hash of headers and either write a new Via
|
* Search for Via header in a hash of headers and either write a new Via
|
||||||
* header, or append our information to the end of an existing Via header.
|
* header, or append our information to the end of an existing Via header.
|
||||||
@ -835,15 +881,14 @@ write_via_header (int fd, orderedmap hashofheaders,
|
|||||||
data = orderedmap_find (hashofheaders, "via");
|
data = orderedmap_find (hashofheaders, "via");
|
||||||
if (data) {
|
if (data) {
|
||||||
ret = write_message (fd,
|
ret = write_message (fd,
|
||||||
"Via: %s, %hu.%hu %s (%s/%s)\r\n",
|
"Via: %s, %hu.%hu %s (%s)\r\n",
|
||||||
data, major, minor, hostname, PACKAGE,
|
data, major, minor, hostname, PACKAGE);
|
||||||
VERSION);
|
|
||||||
|
|
||||||
orderedmap_remove (hashofheaders, "via");
|
orderedmap_remove (hashofheaders, "via");
|
||||||
} else {
|
} else {
|
||||||
ret = write_message (fd,
|
ret = write_message (fd,
|
||||||
"Via: %hu.%hu %s (%s/%s)\r\n",
|
"Via: %hu.%hu %s (%s)\r\n",
|
||||||
major, minor, hostname, PACKAGE, VERSION);
|
major, minor, hostname, PACKAGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
done:
|
done:
|
||||||
@ -896,6 +941,10 @@ process_client_headers (struct conn_s *connptr, orderedmap hashofheaders)
|
|||||||
*/
|
*/
|
||||||
connptr->content_length.client = get_content_length (hashofheaders);
|
connptr->content_length.client = get_content_length (hashofheaders);
|
||||||
|
|
||||||
|
/* Check whether client sends chunked data. */
|
||||||
|
if (connptr->content_length.client == -1 && is_chunked_transfer (hashofheaders))
|
||||||
|
connptr->content_length.client = -2;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* See if there is a "Connection" header. If so, we need to do a bit
|
* See if there is a "Connection" header. If so, we need to do a bit
|
||||||
* of processing. :)
|
* of processing. :)
|
||||||
@ -960,8 +1009,9 @@ process_client_headers (struct conn_s *connptr, orderedmap hashofheaders)
|
|||||||
PULL_CLIENT_DATA:
|
PULL_CLIENT_DATA:
|
||||||
if (connptr->content_length.client > 0) {
|
if (connptr->content_length.client > 0) {
|
||||||
ret = pull_client_data (connptr,
|
ret = pull_client_data (connptr,
|
||||||
connptr->content_length.client);
|
connptr->content_length.client, 1);
|
||||||
}
|
} else if (connptr->content_length.client == -2)
|
||||||
|
ret = pull_client_data_chunked (connptr);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -1236,6 +1286,7 @@ static void relay_connection (struct conn_s *connptr)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef UPSTREAM_SUPPORT
|
||||||
static int
|
static int
|
||||||
connect_to_upstream_proxy(struct conn_s *connptr, struct request_s *request)
|
connect_to_upstream_proxy(struct conn_s *connptr, struct request_s *request)
|
||||||
{
|
{
|
||||||
@ -1352,7 +1403,7 @@ connect_to_upstream_proxy(struct conn_s *connptr, struct request_s *request)
|
|||||||
|
|
||||||
return establish_http_connection(connptr, request);
|
return establish_http_connection(connptr, request);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Establish a connection to the upstream proxy server.
|
* Establish a connection to the upstream proxy server.
|
||||||
@ -1376,7 +1427,7 @@ connect_to_upstream (struct conn_s *connptr, struct request_s *request)
|
|||||||
log_message (LOG_WARNING,
|
log_message (LOG_WARNING,
|
||||||
"No upstream proxy defined for %s.",
|
"No upstream proxy defined for %s.",
|
||||||
request->host);
|
request->host);
|
||||||
indicate_http_error (connptr, 404,
|
indicate_http_error (connptr, 502,
|
||||||
"Unable to connect to upstream proxy.");
|
"Unable to connect to upstream proxy.");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -1388,7 +1439,7 @@ connect_to_upstream (struct conn_s *connptr, struct request_s *request)
|
|||||||
if (connptr->server_fd < 0) {
|
if (connptr->server_fd < 0) {
|
||||||
log_message (LOG_WARNING,
|
log_message (LOG_WARNING,
|
||||||
"Could not connect to upstream proxy.");
|
"Could not connect to upstream proxy.");
|
||||||
indicate_http_error (connptr, 404,
|
indicate_http_error (connptr, 502,
|
||||||
"Unable to connect to upstream proxy",
|
"Unable to connect to upstream proxy",
|
||||||
"detail",
|
"detail",
|
||||||
"A network error occurred while trying to "
|
"A network error occurred while trying to "
|
||||||
@ -1464,8 +1515,8 @@ get_request_entity(struct conn_s *connptr)
|
|||||||
nread = read_buffer (connptr->client_fd, connptr->cbuffer);
|
nread = read_buffer (connptr->client_fd, connptr->cbuffer);
|
||||||
if (nread < 0) {
|
if (nread < 0) {
|
||||||
log_message (LOG_ERR,
|
log_message (LOG_ERR,
|
||||||
"Error reading readable client_fd %d",
|
"Error reading readable client_fd %d (%s)",
|
||||||
connptr->client_fd);
|
connptr->client_fd, strerror(errno));
|
||||||
ret = -1;
|
ret = -1;
|
||||||
} else {
|
} else {
|
||||||
log_message (LOG_INFO,
|
log_message (LOG_INFO,
|
||||||
@ -1508,6 +1559,19 @@ static void handle_connection_failure(struct conn_s *connptr, int got_headers)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void auth_error(struct conn_s *connptr, int code) {
|
||||||
|
const char *tit = code == 401 ? "Unauthorized" : "Proxy Authentication Required";
|
||||||
|
const char *msg = code == 401 ?
|
||||||
|
"The administrator of this proxy has not configured it to service requests from you." :
|
||||||
|
"This proxy requires authentication.";
|
||||||
|
|
||||||
|
update_stats (STAT_DENIED);
|
||||||
|
log_message (LOG_INFO,
|
||||||
|
"Failed auth attempt (file descriptor: %d), ip %s",
|
||||||
|
connptr->client_fd,
|
||||||
|
connptr->client_ip_addr);
|
||||||
|
indicate_http_error (connptr, code, tit, "detail", msg, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This is the main drive for each connection. As you can tell, for the
|
* This is the main drive for each connection. As you can tell, for the
|
||||||
@ -1517,6 +1581,9 @@ static void handle_connection_failure(struct conn_s *connptr, int got_headers)
|
|||||||
* when we start the relay portion. This makes most of the original
|
* when we start the relay portion. This makes most of the original
|
||||||
* tinyproxy code, which was confusing, redundant. Hail progress.
|
* tinyproxy code, which was confusing, redundant. Hail progress.
|
||||||
* - rjkaes
|
* - rjkaes
|
||||||
|
|
||||||
|
* this function is called directly from child_thread() with the newly
|
||||||
|
* received fd from accept().
|
||||||
*/
|
*/
|
||||||
void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
|
void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
|
||||||
{
|
{
|
||||||
@ -1528,7 +1595,6 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
|
|||||||
int got_headers = 0, fd = connptr->client_fd;
|
int got_headers = 0, fd = connptr->client_fd;
|
||||||
size_t i;
|
size_t i;
|
||||||
struct request_s *request = NULL;
|
struct request_s *request = NULL;
|
||||||
struct timeval tv;
|
|
||||||
orderedmap hashofheaders = NULL;
|
orderedmap hashofheaders = NULL;
|
||||||
|
|
||||||
char sock_ipaddr[IP_LENGTH];
|
char sock_ipaddr[IP_LENGTH];
|
||||||
@ -1550,12 +1616,7 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
tv.tv_usec = 0;
|
set_socket_timeout(fd);
|
||||||
tv.tv_sec = config->idletimeout;
|
|
||||||
setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (void*) &tv, sizeof(tv));
|
|
||||||
tv.tv_usec = 0;
|
|
||||||
tv.tv_sec = config->idletimeout;
|
|
||||||
setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (void*) &tv, sizeof(tv));
|
|
||||||
|
|
||||||
if (connection_loops (addr)) {
|
if (connection_loops (addr)) {
|
||||||
log_message (LOG_CONN,
|
log_message (LOG_CONN,
|
||||||
@ -1583,11 +1644,7 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
|
|||||||
|
|
||||||
if (read_request_line (connptr) < 0) {
|
if (read_request_line (connptr) < 0) {
|
||||||
update_stats (STAT_BADCONN);
|
update_stats (STAT_BADCONN);
|
||||||
indicate_http_error (connptr, 408, "Timeout",
|
goto done;
|
||||||
"detail",
|
|
||||||
"Server timeout waiting for the HTTP request "
|
|
||||||
"from the client.", NULL);
|
|
||||||
HC_FAIL();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1633,12 +1690,7 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!authstring) {
|
if (!authstring) {
|
||||||
if (stathost_connect) goto e401;
|
auth_error(connptr, stathost_connect ? 401 : 407);
|
||||||
update_stats (STAT_DENIED);
|
|
||||||
indicate_http_error (connptr, 407, "Proxy Authentication Required",
|
|
||||||
"detail",
|
|
||||||
"This proxy requires authentication.",
|
|
||||||
NULL);
|
|
||||||
HC_FAIL();
|
HC_FAIL();
|
||||||
}
|
}
|
||||||
if ( /* currently only "basic" auth supported */
|
if ( /* currently only "basic" auth supported */
|
||||||
@ -1647,13 +1699,7 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
|
|||||||
basicauth_check (config->basicauth_list, authstring + 6) == 1)
|
basicauth_check (config->basicauth_list, authstring + 6) == 1)
|
||||||
failure = 0;
|
failure = 0;
|
||||||
if(failure) {
|
if(failure) {
|
||||||
e401:
|
auth_error(connptr, stathost_connect ? 401 : 407);
|
||||||
update_stats (STAT_DENIED);
|
|
||||||
indicate_http_error (connptr, 401, "Unauthorized",
|
|
||||||
"detail",
|
|
||||||
"The administrator of this proxy has not configured "
|
|
||||||
"it to service requests from you.",
|
|
||||||
NULL);
|
|
||||||
HC_FAIL();
|
HC_FAIL();
|
||||||
}
|
}
|
||||||
orderedmap_remove (hashofheaders, "proxy-authorization");
|
orderedmap_remove (hashofheaders, "proxy-authorization");
|
||||||
@ -1727,10 +1773,10 @@ e401:
|
|||||||
HC_FAIL();
|
HC_FAIL();
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (send_ssl_response (connptr) < 0) {
|
if (send_connect_method_response (connptr) < 0) {
|
||||||
log_message (LOG_ERR,
|
log_message (LOG_ERR,
|
||||||
"handle_connection: Could not send SSL greeting "
|
"handle_connection: Could not send CONNECT"
|
||||||
"to client.");
|
" method greeting to client.");
|
||||||
update_stats (STAT_BADCONN);
|
update_stats (STAT_BADCONN);
|
||||||
HC_FAIL();
|
HC_FAIL();
|
||||||
}
|
}
|
||||||
|
24
src/sock.c
24
src/sock.c
@ -47,6 +47,16 @@ static const char * get_gai_error (int n)
|
|||||||
return gai_strerror (n);
|
return gai_strerror (n);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char * family_string (int af)
|
||||||
|
{
|
||||||
|
switch(af) {
|
||||||
|
case AF_UNSPEC: return "AF_UNSPEC";
|
||||||
|
case AF_INET: return "AF_INET";
|
||||||
|
case AF_INET6: return "AF_INET6";
|
||||||
|
}
|
||||||
|
return "unknown";
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Bind the given socket to the supplied address. The socket is
|
* Bind the given socket to the supplied address. The socket is
|
||||||
* returned if the bind succeeded. Otherwise, -1 is returned
|
* returned if the bind succeeded. Otherwise, -1 is returned
|
||||||
@ -69,7 +79,7 @@ bind_socket (int sockfd, const char *addr, int family)
|
|||||||
n = getaddrinfo (addr, NULL, &hints, &res);
|
n = getaddrinfo (addr, NULL, &hints, &res);
|
||||||
if (n != 0) {
|
if (n != 0) {
|
||||||
log_message (LOG_INFO,
|
log_message (LOG_INFO,
|
||||||
"bind_socket: getaddrinfo failed for %s: %s", addr, get_gai_error (n));
|
"bind_socket: getaddrinfo failed for %s: %s (af: %s)", addr, get_gai_error (n), family_string(family));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -108,6 +118,16 @@ bind_socket_list (int sockfd, sblist *addresses, int family)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void set_socket_timeout(int fd) {
|
||||||
|
struct timeval tv;
|
||||||
|
tv.tv_usec = 0;
|
||||||
|
tv.tv_sec = config->idletimeout;
|
||||||
|
setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (void*) &tv, sizeof(tv));
|
||||||
|
tv.tv_usec = 0;
|
||||||
|
tv.tv_sec = config->idletimeout;
|
||||||
|
setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (void*) &tv, sizeof(tv));
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Open a connection to a remote host. It's been re-written to use
|
* Open a connection to a remote host. It's been re-written to use
|
||||||
* the getaddrinfo() library function, which allows for a protocol
|
* the getaddrinfo() library function, which allows for a protocol
|
||||||
@ -163,6 +183,8 @@ int opensock (const char *host, int port, const char *bind_to)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_socket_timeout(sockfd);
|
||||||
|
|
||||||
if (connect (sockfd, res->ai_addr, res->ai_addrlen) == 0) {
|
if (connect (sockfd, res->ai_addr, res->ai_addrlen) == 0) {
|
||||||
union sockaddr_union *p = (void*) res->ai_addr, u;
|
union sockaddr_union *p = (void*) res->ai_addr, u;
|
||||||
int af = res->ai_addr->sa_family;
|
int af = res->ai_addr->sa_family;
|
||||||
|
@ -56,6 +56,8 @@ extern int listen_sock (const char *addr, uint16_t port, sblist* listen_fds);
|
|||||||
extern int socket_nonblocking (int sock);
|
extern int socket_nonblocking (int sock);
|
||||||
extern int socket_blocking (int sock);
|
extern int socket_blocking (int sock);
|
||||||
|
|
||||||
|
extern void set_socket_timeout(int fd);
|
||||||
|
|
||||||
extern int getsock_ip (int fd, char *ipaddr);
|
extern int getsock_ip (int fd, char *ipaddr);
|
||||||
extern void getpeer_information (union sockaddr_union *addr, char *ipaddr, size_t ipaddr_len);
|
extern void getpeer_information (union sockaddr_union *addr, char *ipaddr, size_t ipaddr_len);
|
||||||
|
|
||||||
|
10
src/stats.c
10
src/stats.c
@ -87,9 +87,9 @@ err_minus_one:
|
|||||||
"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" "
|
"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" "
|
||||||
"\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n"
|
"\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n"
|
||||||
"<html>\n"
|
"<html>\n"
|
||||||
"<head><title>%s version %s run-time statistics</title></head>\n"
|
"<head><title>%s run-time statistics</title></head>\n"
|
||||||
"<body>\n"
|
"<body>\n"
|
||||||
"<h1>%s version %s run-time statistics</h1>\n"
|
"<h1>%s run-time statistics</h1>\n"
|
||||||
"<p>\n"
|
"<p>\n"
|
||||||
"Number of open connections: %lu<br />\n"
|
"Number of open connections: %lu<br />\n"
|
||||||
"Number of requests: %lu<br />\n"
|
"Number of requests: %lu<br />\n"
|
||||||
@ -98,13 +98,13 @@ err_minus_one:
|
|||||||
"Number of refused connections due to high load: %lu\n"
|
"Number of refused connections due to high load: %lu\n"
|
||||||
"</p>\n"
|
"</p>\n"
|
||||||
"<hr />\n"
|
"<hr />\n"
|
||||||
"<p><em>Generated by %s version %s.</em></p>\n" "</body>\n"
|
"<p><em>Generated by %s.</em></p>\n" "</body>\n"
|
||||||
"</html>\n",
|
"</html>\n",
|
||||||
PACKAGE, VERSION, PACKAGE, VERSION,
|
PACKAGE, PACKAGE,
|
||||||
stats->num_open,
|
stats->num_open,
|
||||||
stats->num_reqs,
|
stats->num_reqs,
|
||||||
stats->num_badcons, stats->num_denied,
|
stats->num_badcons, stats->num_denied,
|
||||||
stats->num_refused, PACKAGE, VERSION);
|
stats->num_refused, PACKAGE);
|
||||||
|
|
||||||
if (send_http_message (connptr, 200, "OK",
|
if (send_http_message (connptr, 200, "OK",
|
||||||
message_buffer) < 0) {
|
message_buffer) < 0) {
|
||||||
|
@ -39,7 +39,7 @@ send_http_message (struct conn_s *connptr, int http_code,
|
|||||||
const char *error_title, const char *message)
|
const char *error_title, const char *message)
|
||||||
{
|
{
|
||||||
static const char *headers[] = {
|
static const char *headers[] = {
|
||||||
"Server: " PACKAGE "/" VERSION,
|
"Server: " PACKAGE,
|
||||||
"Content-type: text/html",
|
"Content-type: text/html",
|
||||||
"Connection: close"
|
"Connection: close"
|
||||||
};
|
};
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
# this program; if not, see <http://www.gnu.org/licenses/>.
|
# this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
|
||||||
SCRIPTS_DIR=$(pwd)/$(dirname $0)
|
SCRIPTS_DIR=$(cd $(dirname $0) && pwd)
|
||||||
BASEDIR=$SCRIPTS_DIR/../..
|
BASEDIR=$SCRIPTS_DIR/../..
|
||||||
TESTS_DIR=$SCRIPTS_DIR/..
|
TESTS_DIR=$SCRIPTS_DIR/..
|
||||||
TESTENV_DIR=$TESTS_DIR/env
|
TESTENV_DIR=$TESTS_DIR/env
|
||||||
@ -83,6 +83,7 @@ DefaultErrorFile "$TINYPROXY_DATA_DIR/debug.html"
|
|||||||
ErrorFile 400 "$TINYPROXY_DATA_DIR/debug.html"
|
ErrorFile 400 "$TINYPROXY_DATA_DIR/debug.html"
|
||||||
ErrorFile 403 "$TINYPROXY_DATA_DIR/debug.html"
|
ErrorFile 403 "$TINYPROXY_DATA_DIR/debug.html"
|
||||||
ErrorFile 501 "$TINYPROXY_DATA_DIR/debug.html"
|
ErrorFile 501 "$TINYPROXY_DATA_DIR/debug.html"
|
||||||
|
ErrorFile 502 "$TINYPROXY_DATA_DIR/debug.html"
|
||||||
StatFile "$TINYPROXY_DATA_DIR/stats.html"
|
StatFile "$TINYPROXY_DATA_DIR/stats.html"
|
||||||
Logfile "$TINYPROXY_LOG_FILE"
|
Logfile "$TINYPROXY_LOG_FILE"
|
||||||
PidFile "$TINYPROXY_PID_FILE"
|
PidFile "$TINYPROXY_PID_FILE"
|
||||||
@ -99,6 +100,7 @@ XTinyproxy Yes
|
|||||||
AddHeader "X-My-Header1" "Powered by Tinyproxy"
|
AddHeader "X-My-Header1" "Powered by Tinyproxy"
|
||||||
AddHeader "X-My-Header2" "Powered by Tinyproxy"
|
AddHeader "X-My-Header2" "Powered by Tinyproxy"
|
||||||
AddHeader "X-My-Header3" "Powered by Tinyproxy"
|
AddHeader "X-My-Header3" "Powered by Tinyproxy"
|
||||||
|
Upstream http 255.255.255.255:65535 ".invalid"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat << 'EOF' > $TINYPROXY_FILTER_FILE
|
cat << 'EOF' > $TINYPROXY_FILTER_FILE
|
||||||
@ -244,6 +246,10 @@ test "x$?" = "x0" || FAILED=$((FAILED + 1))
|
|||||||
echo -n "requesting connect method to denied port..."
|
echo -n "requesting connect method to denied port..."
|
||||||
run_failure_webclient_request 403 --method=CONNECT "$TINYPROXY_IP:$TINYPROXY_PORT" "localhost:12345"
|
run_failure_webclient_request 403 --method=CONNECT "$TINYPROXY_IP:$TINYPROXY_PORT" "localhost:12345"
|
||||||
test "x$?" = "x0" || FAILED=$((FAILED + 1))
|
test "x$?" = "x0" || FAILED=$((FAILED + 1))
|
||||||
|
|
||||||
|
echo -n "testing unavailable backend..."
|
||||||
|
run_failure_webclient_request 502 "$TINYPROXY_IP:$TINYPROXY_PORT" "http://bogus.invalid"
|
||||||
|
test "x$?" = "x0" || FAILED=$((FAILED + 1))
|
||||||
}
|
}
|
||||||
|
|
||||||
basic_test
|
basic_test
|
||||||
|
@ -26,9 +26,8 @@ use Pod::Usage;
|
|||||||
|
|
||||||
my $EOL = "\015\012";
|
my $EOL = "\015\012";
|
||||||
|
|
||||||
my $VERSION = "0.1";
|
|
||||||
my $NAME = "Tinyproxy-Web-Client";
|
my $NAME = "Tinyproxy-Web-Client";
|
||||||
my $user_agent = "$NAME/$VERSION";
|
my $user_agent = "$NAME";
|
||||||
my $user_agent_header = "User-Agent: $user_agent$EOL";
|
my $user_agent_header = "User-Agent: $user_agent$EOL";
|
||||||
my $http_version = "1.0";
|
my $http_version = "1.0";
|
||||||
my $method = "GET";
|
my $method = "GET";
|
||||||
|
@ -31,9 +31,8 @@ use Getopt::Long;
|
|||||||
use Pod::Usage;
|
use Pod::Usage;
|
||||||
use Fcntl ':flock'; # import LOCK_* constants
|
use Fcntl ':flock'; # import LOCK_* constants
|
||||||
|
|
||||||
my $VERSION = "0.1";
|
|
||||||
my $NAME = "Tinyproxy-Test-Web-Server";
|
my $NAME = "Tinyproxy-Test-Web-Server";
|
||||||
my $server_header = "Server: $NAME/$VERSION";
|
my $server_header = "Server: $NAME";
|
||||||
|
|
||||||
my $EOL = "\015\012";
|
my $EOL = "\015\012";
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user