Commit 267b4303 authored by Emmanuel Bouthenot

New upstream version 1.6

parent a06a8ec4
I've access to a limited number of different
systems only, so it's not guaranteed that
ffproxy will compile or work at all.
So far, I've tested ffproxy to work under
OpenBSD (x86), NetBSD (x86), FreeBSD (x86),
Linux (x86) and Solaris9 (sparc)
(compiled with gcc).
If you've patches to make ffproxy work
on other systems, or if you've success stories,
please let me know.
Send bug reports, comments, questions
to Niklas Olmes <niklas@noxa.de>
Version 1.6
============
* added CONNECT request method to
support HTTPS proxying
(see section HTTPS OPERATION
in ffproxy(8))
* new configuration options
unrestriced_connect and
timeout_connect
* updated documentation accordingly
* now using autoconf configure scripts
with new enhanced Makefile targets,
see file INSTALL
* fixed compiler warnings for some OSes
* removed (unportable) `char - '0'' hacks
to parse some numbers in http.c and
introduced numbers.c
* now using freshmeat.net's project
description in README and manpages
* updated file BUGS
Version 1.5.1
=============
* allow transparent operation
(see section TRANSPARENT OPERATION
in ffproxy(8) or ffproxy.quick(7))
* allow client to proxy keep alive
connections
* new configuration option use_keep_alive
* updated documentation accordingly
Version 1.5
===========
* IPv6 bind() support
* changed db/*
You'll perhaps need to update files,
also please take a look at ffproxy(8)
* allow comments and empty lines in db/*
* removed caching complety from code
* changed debug() to macro DEBUG()
* code cleanups
* check on configuration errors
* more documentation in manual pages
ffproxy(8), ffproxy.conf(5), ffproxy.quick(7)
* added HTTP Accelerator feature
* more configuration file options,
more command line options
(for IPv6 and HTTP Accelerator)
* allow non-numerical arguments to
uid, gid, -u, and -g
* more minor changes
* allow ffproxy to be compiled under Solaris8
Version 1.4.1
=============
* HTTP fix: savannah.gnu.org (and possibly
other hosts) does not understand
a Host: header with port number
correctly.
Now :80 is omitted, port number is only added
if needed.
* implemented SYSCONFDIR and DATADIR,
default location for ffproxy's working directory
(db/ and html/ path) is now /var/ffproxy
default location of ffproxy.conf is now
/etc/ffproxy.conf
Version 1.4
===========
* added IPv6 Support
* new config options
- use_ipv6 yes|no
- forward_proxy_ipv6 yes|no
* new command line option -4 (disable IPv6)
* PLEASE NOTE: ffproxy is not yet able to *bind*
to IPv6, this will be implemented soon after
this release
* removed config.proxyip and added config.proxyhost:
now proxyhost is resolved on every access
(was resolved only once on startup before)
* changed copyright notice in every .c File
(added new E-Mail Address and renewed (c))
* changed README and manpage (minor changes)
* moved configuration settings in Makefile up to
the top of the file
Version 1.3p2
=============
* not using http://host/path style GET requests
anymore when not contacting an auxiliary proxy
* fixed command line option -v behaviour:
ffproxy now terminates after displaying the
version number
* fixed wrong db_path comment in sample.config:
path must be relative to new root but in no case
absolute because at first time read of the config
files ffproxy hasn't dropped its priviliges --
because *after* reading them it knows that it
should do
Version 1.3p1
=============
* off by one error (reported by Oliver Kurth)
[ r->header[i] = (char *) my_alloc(len);
in request.c ] fixed
* (hopefully) fixed compiling issues under
linux (take a look at Makefile)
* manpage was installed in wrong location, fixed
--------------------------------------------------
Forgot sample.config in tar.gz for version 1.3,
fixed the tar.gz after report from Oliver Kurth
and uploaded the fixed one instead of the old
under the same file name on Fri, 2 Aug 2002
--------------------------------------------------
Version 1.3
===========
* complete rewrite
* layout of db/ has changed. delimited string
matching was abolished.
* undocumented caching support
Version 1.2
===========
* changed loop protection (now it is
possible to connect through an arbitrary
number of ffproxy proxy servers, previously
LOOP_HEADER had to be edited, which is
now abolished. The X-loop header is
generated by the pid of the master process
and seconds since the epoch at invocation
time and therefore can be regarded as
unique.)
* added configuration file support. See
file sample.config. System wide default
configuration file is /etc/ffproxy.conf,
but the user may use the new command
line option -f to specify the configuration
file to use. Note that command line
options overwrite defaults from
/etc/ffproxy.conf, but don't overwrite
user file configurations. In other words:
When using -f, other command line options
are useless.
* added a few new command line options.
See manpage or ffproxy -h for details.
* added HTTP HEAD method and changed code
to recognize different protocol versions
* added logging option to log every request.
By default, only filtered and incorrect
requests get logged, as before.
* regular expressions are now pre-compiled
to tune performance
* fixed some nasty bugs (i.e. error while
parsing optional host part in URLs.
Request was generally blocked, or
damaged headers under some circumstances)
* Updated manpage and README.
Version 1.1
===========
* added extended regular expression support
* raised MAX_MSG_SIZE in log.c
(longer URLs got truncated in log output)
* drop_privileges() allocated memory twice
(forgot to remove that, sorry)
(Note that this had no effect at all)
* added command line option -D to specify directory
which contains db/ and html/
* added a manpage -- fproxy(1)
* improved logging
* modified the html/* error files
* updated README file
* URL host is preferred from host in Host header
(previously host header could overwrite hostname
found in URL, so using another proxy server
through this proxy server)
* fixed compiling issues:
o changed Makefile (users got confused with MY_CFLAGS,
removed that completely)
o changed resolve() to return unsigned long since in_addr_t
is not supported on all systems
Version 1.0
===========
Initial release
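Review bot: The 1.6 entry names the new file `numbers.c`, but SRCS in Makefile.in lists `number.c`; one of the two is misspelled and the entry should match the file that actually ships. The same entry spells the new option `unrestriced_connect`; confirm that this is the keyword the configuration parser and ffproxy.conf(5) accept, since users will copy it from here.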
Installation
============
(1) `$ ./configure', see `$ ./configure --help' for possible settings
(2) `$ make' to compile ffproxy
after succesful compilation:
(3.a) `# make install'
for a full install of ffproxy in
${PREFIX}/{bin,etc,man,share/ffproxy}
(overwrites existing configuration files!)
(3.b) `# make install_bin'
to install ffproxy binary only
(3.c) more install targets:
install_man install manual pages
install_conf install sample.conf to ${PREFIX}/etc/sample.conf
install_sample install sample.conf to ${PREFIX}/share/ffproxy/
install_data install db/ and html/ to ${PREFIX}/share/ffproxy/
(4) consult manual pages for configuration and start ffproxy
Documentation
=============
* ffproxy.quick(7) - quick introduction to setting up ffproxy
* ffproxy(8) - command line options; db/ and html/ description
* ffproxy.conf(5) - description of configuration files
Uninstalling
============
following uninstall-targets exist:
uninstall safe uninstall, remove binary,
sample.conf and manpages only
uninstall_man manpages
uninstall_conf ${PREFIX}/etc/ffproxy.conf
uninstall_sample sample.conf
uninstall_data db/, html/
uninstall_all all of above (removes your config!)
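Review bot: The target names in step (3.c) and in the uninstall list do not match Makefile.in: the text documents `install_conf` and `uninstall_conf`, while the Makefile defines `install_config` and `uninstall_config`, so `make install_conf` fails with no rule. The descriptions also refer to `sample.conf`, whereas the Makefile installs `ffproxy.conf` into $(sysconfdir) and `sample.config` into $(pkgdatadir). Align the names with the Makefile, and keep the overwrite warning next to whichever target writes ffproxy.conf.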
#
# $Id: Makefile.in,v 1.13 2005/01/05 15:50:08 niklas Exp niklas $
#
#OPTIONS = -DDEBUG
#OPTIONS = -W -Wall -Werror -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wbad-function-cast -pedantic-errors -O2
srcdir=@srcdir@
VPATH=@srcdir@
prefix=@prefix@
exec_prefix=@exec_prefix@
bindir=@bindir@
mandir=@mandir@
DESTDIR=
SHELL=@SHELL@
SRCS = main.c print.c socket.c request.c http.c alloc.c filter.c db.c file.c dns.c signals.c access.c regex.c msg.c poll.c number.c
OBJS = $(SRCS:.c=.o)
MANPAGES = ffproxy.8 ffproxy.conf.5 ffproxy.quick.7
SMANPAGES = ffproxy.8.s ffproxy.conf.5.s ffproxy.quick.7.s
MY_DBFILES=db/access.dyndns db/access.host db/access.ip db/filter.header.add db/filter.header.drop db/filter.header.entry db/filter.header.match db/filter.host.match db/filter.rheader.drop db/filter.rheader.entry db/filter.rheader.match db/filter.url.match
MY_HTMLFILES=html/connect html/filtered html/invalid html/post html/resolve
sysconfdir=@sysconfdir@
datadir=@datadir@
pkgdatadir=$(datadir)/ffproxy
CC=@CC@
CFLAGS=@CFLAGS@ -DCFGFILE="\"${sysconfdir}/ffproxy.conf\"" \
-DDATADIR="\"$(pkgdatadir)\"" $(OPTIONS)
LDFLAGS=@LDFLAGS@
LIBS=@LIBS@
INSTALL=@INSTALL@
INSTALL_PROGRAM=@INSTALL_PROGRAM@
INSTALL_DATA=@INSTALL_DATA@
all: ffproxy man conf
man:
for i in $(MANPAGES); do \
sed -e 's|_BASE_|$(pkgdatadir)|g' -e 's|_CFGFILE_|$(sysconfdir)/ffproxy.conf|g' $$i.s > $$i; \
done || for i in $(MANPAGES); do \
cp $$i $$i.s; done
conf:
sed -e 's|_BASE_|$(pkgdatadir)|g' sample.config.s \
> sample.config || cp sample.config.s sample.config
cp sample.config ffproxy.conf
installdirs: mkinstalldirs
$(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \
$(DESTDIR)$(datadir) \
$(DESTDIR)$(sysconfdir) \
$(DESTDIR)$(pkgdatadir) \
$(DESTDIR)$(pkgdatadir)/db \
$(DESTDIR)$(pkgdatadir)/html \
$(DESTDIR)$(mandir) \
$(DESTDIR)$(mandir)/man5 \
$(DESTDIR)$(mandir)/man7 \
$(DESTDIR)$(mandir)/man8
install: installdirs install_bin install_man install_config install_sample install_data
install_bin: ffproxy
$(INSTALL_PROGRAM) ffproxy $(DESTDIR)$(bindir)
install_man: man
$(INSTALL_DATA) ffproxy.conf.5 $(DESTDIR)$(mandir)/man5
$(INSTALL_DATA) ffproxy.quick.7 $(DESTDIR)$(mandir)/man7
$(INSTALL_DATA) ffproxy.8 $(DESTDIR)$(mandir)/man8
install_config: conf
$(INSTALL_DATA) ffproxy.conf $(DESTDIR)$(sysconfdir)
install_sample: conf
$(INSTALL_DATA) sample.config $(DESTDIR)$(pkgdatadir)
install_data:
$(INSTALL_DATA) $(MY_DBFILES) $(DESTDIR)$(pkgdatadir)/db
$(INSTALL_DATA) $(MY_HTMLFILES) $(DESTDIR)$(pkgdatadir)/html
uninstall: uninstall_bin uninstall_man uninstall_sample
uninstall_all: uninstall uninstall_config uninstall_data
uninstall_bin:
-rm -f $(DESTDIR)$(bindir)/ffproxy
uninstall_man:
-rm -f $(DESTDIR)$(mandir)/man5/ffproxy.conf.5
-rm -f $(DESTDIR)$(mandir)/man7/ffproxy.quick.7
-rm -f $(DESTDIR)$(mandir)/man8/ffproxy.8
uninstall_sample:
-rm -f $(DESTDIR)$(pkgdatadir)/sample.config
uninstall_config:
-rm -f $(DESTDIR)$(sysconfdir)/ffproxy.conf
uninstall_data: uninstall_sample
-( cd $(DESTDIR)$(pkgdatadir) && rm -f $(MY_DBFILES) )
-( cd $(DESTDIR)$(pkgdatadir) && rm -f $(MY_HTMLFILES) )
-rmdir $(DESTDIR)$(pkgdatadir)/db
-rmdir $(DESTDIR)$(pkgdatadir)/html
-rmdir $(DESTDIR)$(pkgdatadir)
ffproxy: $(OBJS)
$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
clean:
rm -f $(OBJS) $(MANPAGES) sample.config ffproxy.conf ffproxy
distclean: clean
rm -f Makefile configure.h config.cache config.log config.status
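Review bot: In the `man` target the fallback after `||` runs `cp $$i $$i.s`, which copies the (possibly partial) generated page over its `.s` template; the `conf` target uses the opposite and correct direction with `cp sample.config.s sample.config`. Swap the operands to `cp $$i.s $$i`. The exit status of the `for` loop is that of its last iteration only, so a sed failure on an earlier page goes unnoticed. Separately, `install` depends on `install_config`, which replaces an existing $(sysconfdir)/ffproxy.conf without a backup; consider skipping the copy when the file already exists.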
Description
===========
ffproxy is a filtering HTTP/HTTPS proxy server. It is able to filter by host,
URL, and header. Custom header entries can be filtered and added.
It can even drop its privileges and optionally chroot() to some directory.
Logging to syslog() is supported, as is using another auxiliary proxy server.
An HTTP accelerator feature (acting as a front-end to an HTTP server) is
included. Contacting IPv6 servers as well as binding to IPv6 is supported
and allows transparent IPv6 over IPv4 browsing (and vice versa).
Website: http://faith.eu.org/programs.html
New Features to add:
* add content filtering
* caching support
More ideas? Mail me.
/*
* ffproxy (c) 2002, 2003 Niklas Olmes <niklas@noxa.de>
* http://faith.eu.org
*
* $Id: access.c,v 2.0 2004/06/08 06:39:51 niklas Exp $
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 675
* Mass Ave, Cambridge, MA 02139, USA.
*/
#include <stdio.h>
#include <string.h>
#include "req.h"
#include "dbs.h"
#include "print.h"
#include "dns.h"
#include "regex.h"
#include "access.h"
int
check_access(const struct clinfo * host)
{
int i;
if (*host->ip != '\0') {
i = 0;
while (a_ip[i] != NULL)
if (do_regex(host->ip, a_ip[i++]) == 0)
return 0;
if (*host->name != '\0') {
i = 0;
while (a_host[i] != NULL)
if (do_regex(host->name, a_host[i++]) == 0)
return 0;
}
i = 0;
while (a_dyndns[i] != NULL)
if (strcmp(host->ip, resolve_to_a(a_dyndns[i++])) == 0)
return 0;
}
DEBUG(("check_access() => done, no access. IP (%s) Host (%s)", host->ip, host->name));
return 1;
}
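Review bot: In the a_dyndns loop the result of resolve_to_a() is passed straight to strcmp() with no check; if resolve_to_a() can return NULL when a lookup fails (dns.c is not part of the visible diff), an unresolvable a_dyndns entry crashes the process for any client that did not match the a_ip or a_host lists. Store the result, skip the entry when it is NULL, and only then compare. The return convention (0 grants access, 1 denies) is also undocumented here and in access.h, and it is the inverse of what the name check_access() suggests, so a one-line comment above the function would help callers.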
int check_access(const struct clinfo *);
/*
* ffproxy (c) 2002, 2003 Niklas Olmes <niklas@noxa.de>
* http://faith.eu.org
*
* $Id: alloc.c,v 2.1 2004/12/31 08:59:15 niklas Exp $
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 675
* Mass Ave, Cambridge, MA 02139, USA.
*/
#include <stdio.h>
#include "configure.h"
#ifdef HAVE_STDLIB_H
# include <stdlib.h>
#endif
#include <string.h>
#include "print.h"
#include "alloc.h"
void *
my_alloc(size_t size)
{
void *p;
if ((p = malloc(size)) == NULL)
fatal("malloc() failed");
(void) memset(p, 0, size);
return p;
}
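Review bot: my_alloc() treats a NULL return from malloc() as fatal, but malloc(0) may legitimately return NULL, so a zero-length request would terminate the proxy on platforms that behave that way; either reject size 0 explicitly or allocate at least one byte. The malloc()/memset() pair can also be replaced with calloc(1, size).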
void *my_alloc(size_t size);
struct cfg {
unsigned int port;
char ipv4[256];
char ipv6[256];
int daemon;
int childs;
int ccount;
int backlog;
unsigned long uid;
unsigned long gid;
char chroot[256];
char dbdir[256];
char file[256];
char proxyhost[256];
unsigned int proxyport;
int syslog;
int logrequests;
int use_ipv6;
int aux_proxy_ipv6;
int bind_ipv6;
int bind_ipv4;
int accel;
int accelusrhost;
char accelhost[256];
unsigned int accelport;
int kalive;
int unr_con;
int to_con;
int nowarn;
int first;
};
#define MAX_CHILDS 1024
#define MAX_BACKLOG 64
#define MAX_PORTS 65535
#define MAX_UID 65535
#define MAX_GID MAX_UID
#define MAX_FSIZE 256*1024
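Review bot: `#define MAX_FSIZE 256*1024` has no parentheses around the expression, so a use such as `n / MAX_FSIZE` or `n % MAX_FSIZE` expands with the wrong precedence; write `(256*1024)`. The header also has no include guard, and the fixed `char ...[256]` fields in struct cfg mean every place that fills them from the configuration file or the command line needs a length-bounded copy; that code is not in the visible part of the diff and is worth checking.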
# Process this file with autoconf to produce a configure script.
#
# $Id: configure.ac,v 1.4 2005/01/05 15:11:06 niklas Exp niklas $
#
AC_PREREQ(2.59)
AC_INIT([ffproxy],[1.6],[niklas@noxa.de])
AC_REVISION($Revision: 1.4 $)
AC_CONFIG_SRCDIR([main.c])
AC_CONFIG_HEADERS([configure.h])
# Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
# Checks for libraries.
AC_CHECK_LIB(nsl, gethostbyname)
AC_CHECK_LIB(socket, connect)
# Checks for header files.
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h syslog.h unistd.h])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
# Checks for library functions.
AC_FUNC_FORK
AC_FUNC_MALLOC
AC_FUNC_SELECT_ARGTYPES
AC_TYPE_SIGNAL
AC_CHECK_FUNCS([dup2 gethostbyname inet_ntoa memset regcomp select socket strchr strncasecmp daemon])
AC_CONFIG_FILES([Makefile])
AC_OUTPUT
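Review bot: AC_FUNC_MALLOC requests a replacement object when the system malloc is not GNU-compatible and defines malloc to rpl_malloc in that case, but Makefile.in builds only $(SRCS), never references @LIBOBJS@, and lists no replacement source; on such a system, or when cross-compiling, the link fails with an undefined rpl_malloc. Either drop AC_FUNC_MALLOC, since alloc.c only needs plain malloc, or add @LIBOBJS@ and a malloc.c. `daemon` is probed in AC_CHECK_FUNCS as well; make sure the code has a fallback when HAVE_DAEMON is not defined, which is not visible in this part of the diff.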
/*
* $Id: configure.h.in,v 1.1 2004/12/31 07:26:08 niklas Exp $
*/
#ifndef HAD_CONFIGURE_H
#define HAD_CONFIGURE_H 1
/* configure.h.in. Generated from configure.ac by autoheader. */
/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
/* Define to 1 if you have the `daemon' function. */
#undef HAVE_DAEMON
/* Define to 1 if you have the `dup2' function. */
#undef HAVE_DUP2
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
/* Define to 1 if you have the `fork' function. */
#undef HAVE_FORK
/* Define to 1 if you have the `gethostbyname' function. */
#undef HAVE_GETHOSTBYNAME
/* Define to 1 if you have the `inet_ntoa' function. */
#undef HAVE_INET_NTOA
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
to 0 otherwise. */
#undef HAVE_MALLOC
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the `memset' function. */
#undef HAVE_MEMSET
/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H
/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
/* Define to 1 if you have the `regcomp' function. */
#undef HAVE_REGCOMP
/* Define to 1 if you have the `select' function. */
#undef HAVE_SELECT
/* Define to 1 if you have the `socket' function. */
#undef HAVE_SOCKET
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the `strchr' function. */
#undef HAVE_STRCHR
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the `strncasecmp' function. */
#undef HAVE_STRNCASECMP
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
#undef HAVE_SYS_WAIT_H
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to 1 if you have the `vfork' function. */
#undef HAVE_VFORK
/* Define to 1 if you have the <vfork.h> header file. */
#undef HAVE_VFORK_H
/* Define to 1 if `fork' works. */
#undef HAVE_WORKING_FORK
/* Define to 1 if `vfork' works. */
#undef HAVE_WORKING_VFORK
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */