drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-12-04 15:40:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

do not touch non-http looking data blocks

Browse Source
This commit is contained in:
bolvan 2017-05-08 18:56:43 +03:00
parent 7c38e73833
commit 75cde6a1ea
5 changed files with 612 additions and 597 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
binaries/armhf/tpws
View File

Binary file not shown.

BIN
binaries/mips32r1-lsb/tpws
View File

Binary file not shown.

BIN
binaries/mips32r1-msb/tpws
View File

Binary file not shown.

BIN
binaries/x86_64/tpws
View File

Binary file not shown.

369
tpws/tpws.c
View File

@ -24,7 +24,7 @@
#include "tpws.h" #include "tpws.h"
#include "tpws_conn.h" #include "tpws_conn.h"
enum splithttpreq {split_none=0,split_method,split_host}; enum splithttpreq { split_none = 0, split_method, split_host };
struct params_s struct params_s
{ {
@ -33,7 +33,7 @@ struct params_s
gid_t gid; gid_t gid;
uint16_t port; uint16_t port;
bool daemon; bool daemon;
bool hostcase,hostdot,hosttab,methodspace,methodeol,unixeol; bool hostcase, hostdot, hosttab, methodspace, methodeol, unixeol;
char hostspell[4]; char hostspell[4];
enum splithttpreq split_http_req; enum splithttpreq split_http_req;
int split_pos; int split_pos;
@ -42,13 +42,13 @@ struct params_s
struct params_s params; struct params_s params;
unsigned char *find_bin(void *data,ssize_t len,const void *blk,ssize_t blk_len) unsigned char *find_bin(void *data, ssize_t len, const void *blk, ssize_t blk_len)
{ {
while (len>=blk_len) while (len >= blk_len)
{ {
if (!memcmp(data,blk,blk_len)) if (!memcmp(data, blk, blk_len))
return data; return data;
data=(char*)data+1; data = (char*)data + 1;
len--; len--;
} }
return NULL; return NULL;
@ -56,50 +56,51 @@ unsigned char *find_bin(void *data,ssize_t len,const void *blk,ssize_t blk_len)
ssize_t send_with_flush(int sockfd, const void *buf, size_t len, int flags) ssize_t send_with_flush(int sockfd, const void *buf, size_t len, int flags)
{ {
int flag,err; int flag, err;
ssize_t wr; ssize_t wr;
flag=1; flag = 1;
setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(int)); setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, (char *)&flag, sizeof(int));
wr=send(sockfd,buf,len,flags); wr = send(sockfd, buf, len, flags);
err=errno; err = errno;
flag=0; flag = 0;
setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(int)); setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, (char *)&flag, sizeof(int));
errno=err; errno = err;
return wr; return wr;
} }
void close_tcp_conn(tproxy_conn_t *conn, struct tailhead *conn_list, void close_tcp_conn(tproxy_conn_t *conn, struct tailhead *conn_list,
struct tailhead *close_list){ struct tailhead *close_list) {
conn->state = CONN_CLOSED; conn->state = CONN_CLOSED;
TAILQ_REMOVE(conn_list, conn, conn_ptrs); TAILQ_REMOVE(conn_list, conn, conn_ptrs);
TAILQ_INSERT_TAIL(close_list, conn, conn_ptrs); TAILQ_INSERT_TAIL(close_list, conn, conn_ptrs);
} }
static const char *http_split_methods[]={"GET /","POST /","HEAD /","OPTIONS /",NULL}; static const char *http_methods[] = { "GET /","POST /","HEAD /","OPTIONS /","PUT /","DELETE /","CONNECT /","TRACE /",NULL };
static const char *http_split_host[]={"\r\nHost: ",NULL}; static const char *http_split_host[] = { "\r\nHost: ",NULL };
#define RD_BLOCK_SIZE 8192 #define RD_BLOCK_SIZE 8192
bool handle_epollin(tproxy_conn_t *conn,int *data_transferred){ bool handle_epollin(tproxy_conn_t *conn, int *data_transferred) {
int numbytes; int numbytes;
int fd_in, fd_out; int fd_in, fd_out;
bool bOutgoing; bool bOutgoing;
ssize_t rd=0,wr=0,bs; ssize_t rd = 0, wr = 0, bs;
//Easy way to determin which socket is ready for reading //Easy way to determin which socket is ready for reading
//TODO: Optimize. This one allows me quick lookup for conn, but //TODO: Optimize. This one allows me quick lookup for conn, but
//I need to make a system call to determin which socket //I need to make a system call to determin which socket
numbytes=0; numbytes = 0;
if(ioctl(conn->local_fd, FIONREAD, &numbytes) != -1 if (ioctl(conn->local_fd, FIONREAD, &numbytes) != -1
&& numbytes > 0){ && numbytes > 0) {
fd_in = conn->local_fd; fd_in = conn->local_fd;
fd_out = conn->remote_fd; fd_out = conn->remote_fd;
bOutgoing = true; bOutgoing = true;
} else { }
else {
fd_in = conn->remote_fd; fd_in = conn->remote_fd;
fd_out = conn->local_fd; fd_out = conn->local_fd;
numbytes=0; numbytes = 0;
ioctl(fd_in, FIONREAD, &numbytes); ioctl(fd_in, FIONREAD, &numbytes);
bOutgoing = false; bOutgoing = false;
} }
@ -108,58 +109,72 @@ bool handle_epollin(tproxy_conn_t *conn,int *data_transferred){
{ {
if (bOutgoing) if (bOutgoing)
{ {
char buf[RD_BLOCK_SIZE+4],*p,*phost=NULL; char buf[RD_BLOCK_SIZE + 4], *p, *pp, *phost = NULL;
ssize_t l,split_pos=0,method_split_pos=0,host_split_pos=0,split_array_pos_offset=1,pos; ssize_t l, method_len=0, split_pos = 0, method_split_pos = 0, host_split_pos = 0, split_array_pos_offset = 1, pos;
const char **split_array=NULL, **split_item, **item; const char **split_array = NULL, **split_item, **method;
bool bIsHttp;
rd = recv(fd_in,buf,RD_BLOCK_SIZE,MSG_DONTWAIT); rd = recv(fd_in, buf, RD_BLOCK_SIZE, MSG_DONTWAIT);
if (rd>0) if (rd > 0)
{ {
bs = rd; bs = rd;
bIsHttp = false;
for (method = http_methods; *method; method++)
{
method_len = strlen(*method);
if (method_len <= bs && !memcmp(buf, *method, method_len))
{
bIsHttp = true;
method_len-=2; // "GET /" => "GET"
break;
}
}
if (bIsHttp)
{
printf("Data block looks like http request start : %s\n", *method);
if (params.unixeol) if (params.unixeol)
{ {
printf("Replacing 0D0A to 0A\n"); printf("Replacing 0D0A to 0A\n");
p = buf; p = pp = buf;
while (p=find_bin(p,buf+bs-p,"\r\n",2)) while (p = find_bin(p, buf + bs - p, "\r\n", 2))
{ {
*p = '\n'; p++; *p = '\n'; p++;
memmove(p,p+1,buf+bs-p-1); memmove(p, p + 1, buf + bs - p - 1);
bs--; bs--;
if (pp == (p - 1))
{
// probably end of http headers
printf("Found double EOL at pos %zd. Stop replacing.\n", pp - buf);
break;
}
pp = p;
} }
} }
if (params.methodspace) if (params.methodspace)
{ {
for(item=http_split_methods;*item;item++) // we only work with data blocks looking as HTTP query, so method is at the beginning
{ printf("Adding extra space after method\n");
l = strlen(*item); p = buf + method_len + 1;
if (p=find_bin(buf,bs,*item,l)) pos = method_len + 1;
{ memmove(p + 1, p, bs - pos);
pos = p-buf;
printf("Found http method '%s' at pos %zd. Adding extra space.\n",*item,pos);
p += l-1;
pos += l-1;
memmove(p+1,p,bs-pos);
*p = ' '; // insert extra space *p = ' '; // insert extra space
bs++; // block will grow by 1 byte bs++; // block will grow by 1 byte
method_split_pos = pos-2; // remember split position and use it if required
break;
}
}
} }
if (params.hostdot || params.hosttab) if (params.hostdot || params.hosttab)
{ {
if (phost=find_bin(buf,bs,params.unixeol ? "\nHost: " : "\r\nHost: ",params.unixeol ? 7 : 8)) if (phost = find_bin(buf, bs, params.unixeol ? "\nHost: " : "\r\nHost: ", params.unixeol ? 7 : 8))
{ {
host_split_pos = phost-buf+7; host_split_pos = phost - buf + 7;
p = phost+8; p = phost + 8;
while(p<(buf+bs) && *p!='\r' && *p!='\n') p++; while (p < (buf + bs) && *p != '\r' && *p != '\n') p++;
if (p<(buf+bs)) if (p < (buf + bs))
{ {
pos = p-buf; pos = p - buf;
printf("Adding %s to host name at pos %zd\n",params.hostdot ? "dot" : "tab",pos); printf("Adding %s to host name at pos %zd\n", params.hostdot ? "dot" : "tab", pos);
memmove(p+1,p,bs-pos); memmove(p + 1, p, bs - pos);
*p = params.hostdot ? '.' : '\t'; // insert dot or tab *p = params.hostdot ? '.' : '\t'; // insert dot or tab
bs++; // block will grow by 1 byte bs++; // block will grow by 1 byte
} }
@ -167,21 +182,14 @@ bool handle_epollin(tproxy_conn_t *conn,int *data_transferred){
} }
if (params.split_pos) if (params.split_pos)
{ {
split_pos = params.split_pos<bs ? params.split_pos : 0; split_pos = params.split_pos < bs ? params.split_pos : 0;
} }
else else
{ {
switch (params.split_http_req) switch (params.split_http_req)
{ {
case split_method: case split_method:
// do we have already split position ? if so use it without another search split_pos = method_len - 1;
if (method_split_pos)
split_pos = method_split_pos;
else
{
split_array = http_split_methods;
split_array_pos_offset = 3;
}
break; break;
case split_host: case split_host:
if (host_split_pos) if (host_split_pos)
@ -194,24 +202,24 @@ bool handle_epollin(tproxy_conn_t *conn,int *data_transferred){
if (split_array) if (split_array)
{ {
// we havent found split post yet. need to search. // we havent found split post yet. need to search.
for(split_item=split_array;*split_item;split_item++) for (split_item = split_array; *split_item; split_item++)
{ {
l = strlen(*split_item); l = strlen(*split_item);
if (p=find_bin(buf,bs,*split_item,l)) if (p = find_bin(buf, bs, *split_item, l))
{ {
split_pos = p-buf; split_pos = p - buf;
printf("Found split item '%s' at pos %zd. Split offset is -%zd.\n",*split_item,split_pos,split_array_pos_offset); printf("Found split item '%s' at pos %zd. Split offset is -%zd.\n", *split_item, split_pos, split_array_pos_offset);
split_pos += l-split_array_pos_offset; split_pos += l - split_array_pos_offset;
break; break;
} }
} }
} }
if (params.hostcase) if (params.hostcase)
{ {
if (phost || (phost=find_bin(buf,bs,params.unixeol ? "\nHost: " : "\r\nHost: ",params.unixeol ? 7 : 8))) if (phost || (phost = find_bin(buf, bs, params.unixeol ? "\nHost: " : "\r\nHost: ", params.unixeol ? 7 : 8)))
{ {
printf("Changing 'Host:' => '%c%c%c%c:' at pos %zd\n",params.hostspell[0],params.hostspell[1],params.hostspell[2],params.hostspell[3],phost-buf+2); printf("Changing 'Host:' => '%c%c%c%c:' at pos %zd\n", params.hostspell[0], params.hostspell[1], params.hostspell[2], params.hostspell[3], phost - buf + 2);
memcpy(phost+2,params.hostspell,4); memcpy(phost + 2, params.hostspell, 4);
} }
} }
if (params.methodeol) if (params.methodeol)
@ -219,30 +227,36 @@ bool handle_epollin(tproxy_conn_t *conn,int *data_transferred){
printf("Adding EOL before method\n"); printf("Adding EOL before method\n");
if (params.unixeol) if (params.unixeol)
{ {
memmove(buf+1,buf,bs); memmove(buf + 1, buf, bs);
bs++;; bs++;;
buf[0]='\n'; buf[0] = '\n';
if (split_pos) split_pos++; if (split_pos) split_pos++;
} }
else else
{ {
memmove(buf+2,buf,bs); memmove(buf + 2, buf, bs);
bs+=2; bs += 2;
buf[0]='\r'; buf[0] = '\r';
buf[1]='\n'; buf[1] = '\n';
if (split_pos) split_pos+=2; if (split_pos) split_pos += 2;
} }
} }
if (split_pos)
{
printf("Splitting at pos %zd\n",split_pos);
wr=send_with_flush(fd_out,buf,split_pos,0);
if (wr>=0)
wr=send(fd_out,buf+split_pos,bs-split_pos,0);
} }
else else
{ {
wr=send(fd_out,buf,bs,0); printf("Data block does not look like http request start\n");
}
if (split_pos)
{
printf("Splitting at pos %zd\n", split_pos);
wr = send_with_flush(fd_out, buf, split_pos, 0);
if (wr >= 0)
wr = send(fd_out, buf + split_pos, bs - split_pos, 0);
}
else
{
wr = send(fd_out, buf, bs, 0);
} }
} }
} }
@ -255,7 +269,7 @@ bool handle_epollin(tproxy_conn_t *conn,int *data_transferred){
rd = numbytes = splice(fd_in, NULL, conn->splice_pipe[1], NULL, rd = numbytes = splice(fd_in, NULL, conn->splice_pipe[1], NULL,
SPLICE_LEN, SPLICE_F_MOVE | SPLICE_F_NONBLOCK); SPLICE_LEN, SPLICE_F_MOVE | SPLICE_F_NONBLOCK);
//printf("spliced rd=%d\n",rd); //printf("spliced rd=%d\n",rd);
if (rd>0) if (rd > 0)
{ {
wr = splice(conn->splice_pipe[0], NULL, fd_out, NULL, wr = splice(conn->splice_pipe[0], NULL, fd_out, NULL,
rd, SPLICE_F_MOVE); rd, SPLICE_F_MOVE);
@ -263,19 +277,19 @@ bool handle_epollin(tproxy_conn_t *conn,int *data_transferred){
//printf("splice rd=%d wr=%d\n",rd,wr); //printf("splice rd=%d wr=%d\n",rd,wr);
} }
} }
if (data_transferred) *data_transferred = rd<0 ? 0 : rd; if (data_transferred) *data_transferred = rd < 0 ? 0 : rd;
return rd!=-1 && wr!=-1; return rd != -1 && wr != -1;
} }
void remove_closed_connections(struct tailhead *close_list){ void remove_closed_connections(struct tailhead *close_list) {
tproxy_conn_t *conn = NULL; tproxy_conn_t *conn = NULL;
while(close_list->tqh_first != NULL){ while (close_list->tqh_first != NULL) {
conn = (tproxy_conn_t*) close_list->tqh_first; conn = (tproxy_conn_t*)close_list->tqh_first;
TAILQ_REMOVE(close_list, close_list->tqh_first, conn_ptrs); TAILQ_REMOVE(close_list, close_list->tqh_first, conn_ptrs);
int rd=0; int rd = 0;
while(handle_epollin(conn,&rd) && rd); while (handle_epollin(conn, &rd) && rd);
printf("Socket %d and %d closed, connection removed\n", printf("Socket %d and %d closed, connection removed\n",
conn->local_fd, conn->remote_fd); conn->local_fd, conn->remote_fd);
@ -283,7 +297,7 @@ void remove_closed_connections(struct tailhead *close_list){
} }
} }
int event_loop(int listen_fd){ int event_loop(int listen_fd) {
int retval = 0, num_events = 0; int retval = 0, num_events = 0;
int tmp_fd = 0; //Used to temporarily hold the accepted file descriptor int tmp_fd = 0; //Used to temporarily hold the accepted file descriptor
tproxy_conn_t *conn = NULL; tproxy_conn_t *conn = NULL;
@ -297,7 +311,7 @@ int event_loop(int listen_fd){
TAILQ_INIT(&conn_list); TAILQ_INIT(&conn_list);
TAILQ_INIT(&close_list); TAILQ_INIT(&close_list);
if((efd = epoll_create(1)) == -1){ if ((efd = epoll_create(1)) == -1) {
perror("epoll_create"); perror("epoll_create");
return -1; return -1;
} }
@ -309,32 +323,32 @@ int event_loop(int listen_fd){
//easy access to the connections. So if ptr is NULL that means an event on //easy access to the connections. So if ptr is NULL that means an event on
//listen socket. //listen socket.
ev.data.ptr = NULL; ev.data.ptr = NULL;
if(epoll_ctl(efd, EPOLL_CTL_ADD, listen_fd, &ev) == -1){ if (epoll_ctl(efd, EPOLL_CTL_ADD, listen_fd, &ev) == -1) {
perror("epoll_ctl (listen socket)"); perror("epoll_ctl (listen socket)");
return -1; return -1;
} }
while(1){ while (1) {
if((num_events = epoll_wait(efd, events, MAX_EPOLL_EVENTS, -1)) == -1){ if ((num_events = epoll_wait(efd, events, MAX_EPOLL_EVENTS, -1)) == -1) {
perror("epoll_wait"); perror("epoll_wait");
retval = -1; retval = -1;
break; break;
} }
for(i=0; i<num_events; i++){ for (i = 0; i < num_events; i++) {
if(events[i].data.ptr == NULL){ if (events[i].data.ptr == NULL) {
//Accept new connection //Accept new connection
tmp_fd = accept(listen_fd, NULL, 0); tmp_fd = accept(listen_fd, NULL, 0);
if (tmp_fd<0) if (tmp_fd < 0)
{ {
fprintf(stderr, "Failed to accept connection\n"); fprintf(stderr, "Failed to accept connection\n");
} }
else if (conncount>=params.maxconn) else if (conncount >= params.maxconn)
{ {
close(tmp_fd); close(tmp_fd);
fprintf(stderr, "Too much connections : %d\n",conncount); fprintf(stderr, "Too much connections : %d\n", conncount);
} }
else if((conn = add_tcp_connection(efd, &conn_list, tmp_fd, params.port)) == NULL) else if ((conn = add_tcp_connection(efd, &conn_list, tmp_fd, params.port)) == NULL)
{ {
close(tmp_fd); close(tmp_fd);
fprintf(stderr, "Failed to add connection\n"); fprintf(stderr, "Failed to add connection\n");
@ -342,15 +356,16 @@ int event_loop(int listen_fd){
else else
{ {
conncount++; conncount++;
printf("Connections : %d\n",conncount); printf("Connections : %d\n", conncount);
} }
} else { }
conn = (tproxy_conn_t*) events[i].data.ptr; else {
conn = (tproxy_conn_t*)events[i].data.ptr;
//Only applies to remote_fd, connection attempt has //Only applies to remote_fd, connection attempt has
//succeeded/failed //succeeded/failed
if(events[i].events & EPOLLOUT){ if (events[i].events & EPOLLOUT) {
if(check_connection_attempt(conn, efd) == -1){ if (check_connection_attempt(conn, efd) == -1) {
fprintf(stderr, "Connection attempt failed for %d\n", fprintf(stderr, "Connection attempt failed for %d\n",
conn->remote_fd); conn->remote_fd);
check_close = 1; check_close = 1;
@ -358,10 +373,11 @@ int event_loop(int listen_fd){
conncount--; conncount--;
} }
continue; continue;
} else if(conn->state != CONN_CLOSED && }
else if (conn->state != CONN_CLOSED &&
(events[i].events & EPOLLRDHUP || (events[i].events & EPOLLRDHUP ||
events[i].events & EPOLLHUP || events[i].events & EPOLLHUP ||
events[i].events & EPOLLERR)){ events[i].events & EPOLLERR)) {
check_close = 1; check_close = 1;
close_tcp_conn(conn, &conn_list, &close_list); close_tcp_conn(conn, &conn_list, &close_list);
conncount--; conncount--;
@ -371,11 +387,11 @@ int event_loop(int listen_fd){
//Since I use an event cache, earlier events might cause for //Since I use an event cache, earlier events might cause for
//example this connection to be closed. No need to process fd if //example this connection to be closed. No need to process fd if
//that is the case //that is the case
if(conn->state == CONN_CLOSED){ if (conn->state == CONN_CLOSED) {
continue; continue;
} }
if (!handle_epollin(conn,NULL)){ if (!handle_epollin(conn, NULL)) {
close_tcp_conn(conn, &conn_list, &close_list); close_tcp_conn(conn, &conn_list, &close_list);
conncount--; conncount--;
check_close = 1; check_close = 1;
@ -384,7 +400,7 @@ int event_loop(int listen_fd){
} }
//Remove connections //Remove connections
if(check_close) if (check_close)
remove_closed_connections(&close_list); remove_closed_connections(&close_list);
check_close = 0; check_close = 0;
@ -394,22 +410,22 @@ int event_loop(int listen_fd){
return retval; return retval;
} }
int8_t block_sigpipe(){ int8_t block_sigpipe() {
sigset_t sigset; sigset_t sigset;
memset(&sigset, 0, sizeof(sigset)); memset(&sigset, 0, sizeof(sigset));
//Get the old sigset, add SIGPIPE and update sigset //Get the old sigset, add SIGPIPE and update sigset
if(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1){ if (sigprocmask(SIG_BLOCK, NULL, &sigset) == -1) {
perror("sigprocmask (get)"); perror("sigprocmask (get)");
return -1; return -1;
} }
if(sigaddset(&sigset, SIGPIPE) == -1){ if (sigaddset(&sigset, SIGPIPE) == -1) {
perror("sigaddset"); perror("sigaddset");
return -1; return -1;
} }
if(sigprocmask(SIG_BLOCK, &sigset, NULL) == -1){ if (sigprocmask(SIG_BLOCK, &sigset, NULL) == -1) {
perror("sigprocmask (set)"); perror("sigprocmask (set)");
return -1; return -1;
} }
@ -425,53 +441,53 @@ void exithelp()
void parse_params(int argc, char *argv[]) void parse_params(int argc, char *argv[])
{ {
int option_index=0; int option_index = 0;
int v,i; int v, i;
memset(&params,0,sizeof(params)); memset(&params, 0, sizeof(params));
memcpy(params.hostspell,"host",4); // default hostspell memcpy(params.hostspell, "host", 4); // default hostspell
params.maxconn = DEFAULT_MAX_CONN; params.maxconn = DEFAULT_MAX_CONN;
const struct option long_options[] = { const struct option long_options[] = {
{"help",no_argument,0,0},// optidx=0 { "help",no_argument,0,0 },// optidx=0
{"h",no_argument,0,0},// optidx=1 { "h",no_argument,0,0 },// optidx=1
{"bind-addr",required_argument,0,0},// optidx=2 { "bind-addr",required_argument,0,0 },// optidx=2
{"port",required_argument,0,0},// optidx=3 { "port",required_argument,0,0 },// optidx=3
{"daemon",no_argument,0,0},// optidx=4 { "daemon",no_argument,0,0 },// optidx=4
{"user",required_argument,0,0},// optidx=5 { "user",required_argument,0,0 },// optidx=5
{"maxconn",required_argument,0,0},// optidx=6 { "maxconn",required_argument,0,0 },// optidx=6
{"hostcase",no_argument,0,0},// optidx=7 { "hostcase",no_argument,0,0 },// optidx=7
{"hostspell",required_argument,0,0},// optidx=8 { "hostspell",required_argument,0,0 },// optidx=8
{"hostdot",no_argument,0,0},// optidx=9 { "hostdot",no_argument,0,0 },// optidx=9
{"split-http-req",required_argument,0,0},// optidx=10 { "split-http-req",required_argument,0,0 },// optidx=10
{"split-pos",required_argument,0,0},// optidx=11 { "split-pos",required_argument,0,0 },// optidx=11
{"methodspace",no_argument,0,0},// optidx=12 { "methodspace",no_argument,0,0 },// optidx=12
{"methodeol",no_argument,0,0},// optidx=13 { "methodeol",no_argument,0,0 },// optidx=13
{"hosttab",no_argument,0,0},// optidx=14 { "hosttab",no_argument,0,0 },// optidx=14
{"unixeol",no_argument,0,0},// optidx=15 { "unixeol",no_argument,0,0 },// optidx=15
{NULL,0,NULL,0} { NULL,0,NULL,0 }
}; };
while ((v=getopt_long_only(argc,argv,"",long_options,&option_index))!=-1) while ((v = getopt_long_only(argc, argv, "", long_options, &option_index)) != -1)
{ {
if (v) exithelp(); if (v) exithelp();
switch(option_index) switch (option_index)
{ {
case 0: case 0:
case 1: case 1:
exithelp(); exithelp();
break; break;
case 2: /* bind-addr */ case 2: /* bind-addr */
strncpy(params.bindaddr,optarg,sizeof(params.bindaddr)); strncpy(params.bindaddr, optarg, sizeof(params.bindaddr));
params.bindaddr[sizeof(params.bindaddr)-1] = 0; params.bindaddr[sizeof(params.bindaddr) - 1] = 0;
break; break;
case 3: /* qnum */ case 3: /* qnum */
i=atoi(optarg); i = atoi(optarg);
if (i<=0 || i>65535) if (i <= 0 || i > 65535)
{ {
fprintf(stderr,"bad port number\n"); fprintf(stderr, "bad port number\n");
exit(1); exit(1);
} }
params.port=(uint16_t)i; params.port = (uint16_t)i;
break; break;
case 4: /* daemon */ case 4: /* daemon */
params.daemon = true; params.daemon = true;
@ -481,7 +497,7 @@ void parse_params(int argc, char *argv[])
struct passwd *pwd = getpwnam(optarg); struct passwd *pwd = getpwnam(optarg);
if (!pwd) if (!pwd)
{ {
fprintf(stderr,"non-existent username supplied\n"); fprintf(stderr, "non-existent username supplied\n");
exit(1); exit(1);
} }
params.uid = pwd->pw_uid; params.uid = pwd->pw_uid;
@ -489,10 +505,10 @@ void parse_params(int argc, char *argv[])
break; break;
} }
case 6: /* maxconn */ case 6: /* maxconn */
params.maxconn=atoi(optarg); params.maxconn = atoi(optarg);
if (params.maxconn<=0) if (params.maxconn <= 0)
{ {
fprintf(stderr,"bad maxconn\n"); fprintf(stderr, "bad maxconn\n");
exit(1); exit(1);
} }
break; break;
@ -500,25 +516,25 @@ void parse_params(int argc, char *argv[])
params.hostcase = true; params.hostcase = true;
break; break;
case 8: /* hostspell */ case 8: /* hostspell */
if (strlen(optarg)!=4) if (strlen(optarg) != 4)
{ {
fprintf(stdout,"hostspell must be exactly 4 chars long\n"); fprintf(stdout, "hostspell must be exactly 4 chars long\n");
exit(1); exit(1);
} }
params.hostcase = true; params.hostcase = true;
memcpy(params.hostspell,optarg,4); memcpy(params.hostspell, optarg, 4);
break; break;
case 9: /* hostdot */ case 9: /* hostdot */
params.hostdot = true; params.hostdot = true;
break; break;
case 10: /* split-http-req */ case 10: /* split-http-req */
if (!strcmp(optarg,"method")) if (!strcmp(optarg, "method"))
params.split_http_req = split_method; params.split_http_req = split_method;
else if (!strcmp(optarg,"host")) else if (!strcmp(optarg, "host"))
params.split_http_req = split_host; params.split_http_req = split_host;
else else
{ {
fprintf(stderr,"Invalid argument for split-http-req\n"); fprintf(stderr, "Invalid argument for split-http-req\n");
exit(1); exit(1);
} }
break; break;
@ -528,7 +544,7 @@ void parse_params(int argc, char *argv[])
params.split_pos = i; params.split_pos = i;
else else
{ {
fprintf(stderr,"Invalid argument for split-pos\n"); fprintf(stderr, "Invalid argument for split-pos\n");
exit(1); exit(1);
} }
break; break;
@ -548,7 +564,7 @@ void parse_params(int argc, char *argv[])
} }
if (!params.port) if (!params.port)
{ {
fprintf(stderr,"Need port number\n"); fprintf(stderr, "Need port number\n");
exit(1); exit(1);
} }
} }
@ -568,13 +584,13 @@ void daemonize()
if (setsid() == -1) if (setsid() == -1)
exit(2); exit(2);
if (chdir ("/") == -1) if (chdir("/") == -1)
exit(2); exit(2);
close(STDIN_FILENO); close(STDIN_FILENO);
close(STDOUT_FILENO); close(STDOUT_FILENO);
close(STDERR_FILENO); close(STDERR_FILENO);
/* redirect fd's 0,1,2 to /dev/null */ /* redirect fd's 0,1,2 to /dev/null */
open ("/dev/null", O_RDWR); open("/dev/null", O_RDWR);
/* stdin */ /* stdin */
dup(0); dup(0);
/* stdout */ /* stdout */
@ -600,7 +616,7 @@ bool droproot()
return true; return true;
} }
int main(int argc, char *argv[]){ int main(int argc, char *argv[]) {
int listen_fd = 0; int listen_fd = 0;
int yes = 1, retval = 0; int yes = 1, retval = 0;
int r; int r;
@ -608,23 +624,23 @@ int main(int argc, char *argv[]){
socklen_t salisten_len; socklen_t salisten_len;
int ipv6_only; int ipv6_only;
parse_params(argc,argv); parse_params(argc, argv);
memset(&salisten,0,sizeof(salisten)); memset(&salisten, 0, sizeof(salisten));
if (*params.bindaddr) if (*params.bindaddr)
{ {
if (inet_pton(AF_INET,params.bindaddr, &((struct sockaddr_in*)&salisten)->sin_addr)) if (inet_pton(AF_INET, params.bindaddr, &((struct sockaddr_in*)&salisten)->sin_addr))
{ {
salisten.ss_family = AF_INET; salisten.ss_family = AF_INET;
((struct sockaddr_in*)&salisten)->sin_port = htons(params.port); ((struct sockaddr_in*)&salisten)->sin_port = htons(params.port);
salisten_len = sizeof(struct sockaddr_in); salisten_len = sizeof(struct sockaddr_in);
} }
else if (inet_pton(AF_INET6,params.bindaddr, &((struct sockaddr_in6*)&salisten)->sin6_addr)) else if (inet_pton(AF_INET6, params.bindaddr, &((struct sockaddr_in6*)&salisten)->sin6_addr))
{ {
salisten.ss_family = AF_INET6; salisten.ss_family = AF_INET6;
((struct sockaddr_in6*)&salisten)->sin6_port = htons(params.port); ((struct sockaddr_in6*)&salisten)->sin6_port = htons(params.port);
salisten_len = sizeof(struct sockaddr_in6); salisten_len = sizeof(struct sockaddr_in6);
ipv6_only=1; ipv6_only = 1;
} }
else else
{ {
@ -637,25 +653,25 @@ int main(int argc, char *argv[]){
salisten.ss_family = AF_INET6; salisten.ss_family = AF_INET6;
((struct sockaddr_in6*)&salisten)->sin6_port = htons(params.port); ((struct sockaddr_in6*)&salisten)->sin6_port = htons(params.port);
salisten_len = sizeof(struct sockaddr_in6); salisten_len = sizeof(struct sockaddr_in6);
ipv6_only=0; ipv6_only = 0;
// leave sin6_addr zero // leave sin6_addr zero
} }
if (params.daemon) daemonize(); if (params.daemon) daemonize();
if((listen_fd = socket(salisten.ss_family, SOCK_STREAM, 0)) == -1){ if ((listen_fd = socket(salisten.ss_family, SOCK_STREAM, 0)) == -1) {
perror("socket: "); perror("socket: ");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if ((salisten.ss_family==AF_INET6) && setsockopt(listen_fd, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6_only, sizeof(ipv6_only)) == -1) if ((salisten.ss_family == AF_INET6) && setsockopt(listen_fd, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6_only, sizeof(ipv6_only)) == -1)
{ {
perror("setsockopt (IPV6_ONLY): "); perror("setsockopt (IPV6_ONLY): ");
close(listen_fd); close(listen_fd);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if(setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1) if (setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1)
{ {
perror("setsockopt (SO_REUSEADDR): "); perror("setsockopt (SO_REUSEADDR): ");
close(listen_fd); close(listen_fd);
@ -664,7 +680,7 @@ int main(int argc, char *argv[]){
//Mark that this socket can be used for transparent proxying //Mark that this socket can be used for transparent proxying
//This allows the socket to accept connections for non-local IPs //This allows the socket to accept connections for non-local IPs
if(setsockopt(listen_fd, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) == -1) if (setsockopt(listen_fd, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) == -1)
{ {
perror("setsockopt (IP_TRANSPARENT): "); perror("setsockopt (IP_TRANSPARENT): ");
close(listen_fd); close(listen_fd);
@ -677,13 +693,13 @@ int main(int argc, char *argv[]){
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if(bind(listen_fd, (struct sockaddr *)&salisten, salisten_len) == -1){ if (bind(listen_fd, (struct sockaddr *)&salisten, salisten_len) == -1) {
perror("bind: "); perror("bind: ");
close(listen_fd); close(listen_fd);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if(listen(listen_fd, BACKLOG) == -1){ if (listen(listen_fd, BACKLOG) == -1) {
perror("listen: "); perror("listen: ");
close(listen_fd); close(listen_fd);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
@ -692,7 +708,7 @@ int main(int argc, char *argv[]){
//splice() causes the process to receive the SIGPIPE-signal if one part (for //splice() causes the process to receive the SIGPIPE-signal if one part (for
//example a socket) is closed during splice(). I would rather have splice() //example a socket) is closed during splice(). I would rather have splice()
//fail and return -1, so blocking SIGPIPE. //fail and return -1, so blocking SIGPIPE.
if(block_sigpipe() == -1){ if (block_sigpipe() == -1) {
fprintf(stderr, "Could not block SIGPIPE signal\n"); fprintf(stderr, "Could not block SIGPIPE signal\n");
close(listen_fd); close(listen_fd);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
@ -705,9 +721,8 @@ int main(int argc, char *argv[]){
fprintf(stderr, "Will exit\n"); fprintf(stderr, "Will exit\n");
if(retval < 0) if (retval < 0)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
else else
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }