From 2411f7958230e53b55ff398c9251643263ea80e3 Mon Sep 17 00:00:00 2001
From: Soner Tari <sonertari@gmail.com>
Date: Thu, 27 Jul 2017 17:50:45 +0300
Subject: [PATCH] Add plain or ssl info to SSLproxy specific header line Fix
 child eof bug Flickr keeps redirecting to https with 301 unless we remove the
 Via line of squid, so apparently flickr assumes the existence of Via header
 field or squid keyword a sign of plain http, even if we are using https Also
 do not send the loopback address to the Internet Other fixes

---
 pxyconn.c   | 36 ++++++++++++++++++++++++------------
 pxythrmgr.c |  4 ++--
 2 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/pxyconn.c b/pxyconn.c
index 4948ac7..2f15798 100644
--- a/pxyconn.c
+++ b/pxyconn.c
@@ -455,7 +455,8 @@ pxy_conn_free(pxy_conn_ctx_t *ctx, int by_requestor)
 	pxy_conn_desc_t *src = &ctx->src;
 	if (!src->closed) {
 		if (src->bev) {
-			log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd src->bev, fd=%d\n", bufferevent_getfd(src->bev));
+			log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd src->bev, i:%zu o:%zu, fd=%d\n",
+					evbuffer_get_length(bufferevent_get_input(src->bev)), evbuffer_get_length(bufferevent_get_output(src->bev)), bufferevent_getfd(src->bev));
 			bufferevent_free_and_close_fd(src->bev, ctx);
 			src->bev = NULL;
 		} else {
@@ -474,7 +475,8 @@ pxy_conn_free(pxy_conn_ctx_t *ctx, int by_requestor)
 
 	pxy_conn_desc_t *dst = &ctx->dst;
 	if (dst->bev) {
-		log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd dst->bev, fd=%d\n", bufferevent_getfd(dst->bev));
+		log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd dst->bev, i:%zu o:%zu, fd=%d\n",
+				evbuffer_get_length(bufferevent_get_input(dst->bev)), evbuffer_get_length(bufferevent_get_output(dst->bev)), bufferevent_getfd(dst->bev));
 		bufferevent_free_and_close_fd_nonssl(dst->bev, ctx);
 		dst->bev = NULL;
 	}
@@ -1349,8 +1351,8 @@ pxy_bufferevent_setup(pxy_conn_ctx_t *ctx, evutil_socket_t fd, SSL *ssl)
 	if (ssl) {
 		log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_bufferevent_setup: bufferevent_openssl_socket_new <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL\n");
 		bev = bufferevent_openssl_socket_new(ctx->evbase, fd, ssl,
-				((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING),
-				BEV_OPT_DEFER_CALLBACKS);
+				((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS);
+//				((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), 0);
 	} else {
 		// @todo Do we really need to defer callbacks? BEV_OPT_DEFER_CALLBACKS seems responsible for the issue with srv_dst: We get writecb sometimes, no eventcb for CONNECTED event
 		bev = bufferevent_socket_new(ctx->evbase, fd, BEV_OPT_DEFER_CALLBACKS);
@@ -1395,8 +1397,10 @@ pxy_bufferevent_setup_child(pxy_conn_child_ctx_t *ctx, evutil_socket_t fd, SSL *
 		log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_bufferevent_setup_child: bufferevent_openssl_socket_new <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL child\n");
 		bev = bufferevent_openssl_socket_new(ctx->parent->evbase, fd, ssl,
 				((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS);
+//				((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), 0);
 	} else {
 		bev = bufferevent_socket_new(ctx->parent->evbase, fd, BEV_OPT_DEFER_CALLBACKS);
+//		bev = bufferevent_socket_new(ctx->parent->evbase, fd, 0);
 	}
 	if (!bev) {
 		log_err_printf("Error creating bufferevent socket\n");
@@ -1497,11 +1501,15 @@ pxy_http_reqhdr_filter_line(const char *line, pxy_conn_ctx_t *ctx, int child)
 			}
 			return newhdr;
 		} else if (!strncasecmp(line, "Accept-Encoding:", 16) ||
-		           !strncasecmp(line, "Keep-Alive:", 11)) {
-			return NULL;
-		} else if (child && !strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN)) {
+		           !strncasecmp(line, "Keep-Alive:", 11) ||
+				   // @attention flickr keeps redirecting to https with 301 unless we remove the Via line of squid
+				   // Apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https
+		           !strncasecmp(line, "Via:", 4) ||
+				   // Also do not send the loopback address to the Internet
+		           !strncasecmp(line, "X-Forwarded-For:", 16)) {
 			return NULL;
-		} else if (child && !strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN)) {
+		} else if (child && (!strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN) ||
+				   !strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN))) {
 			return NULL;
 		} else if (line[0] == '\0') {
 			ctx->seen_req_header = 1;
@@ -1763,6 +1771,7 @@ pxy_conn_autossl_peek_and_upgrade(pxy_conn_ctx_t *ctx)
 			               ctx->evbase, ctx->srv_dst.bev, ctx->srv_dst.ssl,
 			               BUFFEREVENT_SSL_CONNECTING,
 			               BEV_OPT_DEFER_CALLBACKS);
+//			               0);
 			bufferevent_setcb(ctx->srv_dst.bev, pxy_bev_readcb,
 			                  pxy_bev_writecb, pxy_bev_eventcb,
 			                  ctx);
@@ -2374,7 +2383,7 @@ pxy_conn_connect_child(pxy_conn_child_ctx_t *ctx)
 	/* create server-side socket and eventbuffer */
 	// Children rely on the findings of parent
 	if ((parent->spec->ssl || parent->clienthello_found) && !parent->passthrough) {
-		log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_conn_connect_child: pxy_srcssl_create <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL\n");
+		log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_conn_connect_child: pxy_dstssl_create <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL\n");
 		ctx->dst.ssl = pxy_dstssl_create(parent);
 		if (!ctx->dst.ssl) {
 			log_dbg_level_printf(LOG_DBG_MODE_FINE, ">>>>> pxy_conn_connect_child: Error creating SSL ctx->dst.ssl, fd=%d\n", ctx->fd);
@@ -2392,6 +2401,7 @@ pxy_conn_connect_child(pxy_conn_child_ctx_t *ctx)
 					   parent->evbase, ctx->dst.bev, ctx->dst.ssl,
 					   BUFFEREVENT_SSL_ACCEPTING,
 					   BEV_OPT_DEFER_CALLBACKS);
+//					   0);
 		if (ctx->dst.bev) {
 			bufferevent_setcb(ctx->dst.bev, pxy_bev_readcb_child, pxy_bev_writecb_child, pxy_bev_eventcb_child, ctx);
 		}
@@ -2553,6 +2563,7 @@ pxy_connected_enable(struct bufferevent *bev, pxy_conn_ctx_t *ctx, char *event_n
 			               ctx->evbase, ctx->src.bev, ctx->src.ssl,
 			               BUFFEREVENT_SSL_ACCEPTING,
 			               BEV_OPT_DEFER_CALLBACKS);
+//			               0);
 		} else {
 			log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_connected_enable: SETUP src.bev fd=%d\n", fd);
 			ctx->src.bev = pxy_bufferevent_setup(ctx, fd, ctx->src.ssl);
@@ -2697,13 +2708,14 @@ pxy_connected_enable(struct bufferevent *bev, pxy_conn_ctx_t *ctx, char *event_n
 		}
 		snprintf(ctx->child_addr_str, addr_len, "%s [%s]:%u", SSLPROXY_ADDR_KEY, addr, ntohs(child_listener_addr.sin_port));
 
-		int src_addr_len = SSLPROXY_SRCADDR_KEY_LEN + 1 + strlen(ctx->srchost_str) + strlen(ctx->srcport_str) + 3 + 1;
+		// SSLproxy-SrcAddr: [192.168.3.23]:49260,s
+		int src_addr_len = SSLPROXY_SRCADDR_KEY_LEN + 2 + strlen(ctx->srchost_str) + 2 + strlen(ctx->srcport_str) + 1 + 1 + 1;
 		ctx->src_addr_str = malloc(src_addr_len);
 		if (!ctx->src_addr_str) {
 			pxy_conn_free(ctx, 1);
 			return 0;
 		}
-		snprintf(ctx->src_addr_str, src_addr_len, "%s [%s]:%s", SSLPROXY_SRCADDR_KEY, ctx->srchost_str, ctx->srcport_str);
+		snprintf(ctx->src_addr_str, src_addr_len, "%s [%s]:%s,%s", SSLPROXY_SRCADDR_KEY, ctx->srchost_str, ctx->srcport_str, ctx->spec->ssl ? "s":"p");
 
 		log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>=================================== pxy_connected_enable: ENABLE src, child_addr= %s, fd=%d, child_fd=%d\n", ctx->child_addr_str, fd, ctx->child_fd);
 
@@ -3179,7 +3191,7 @@ pxy_bev_eventcb_child(struct bufferevent *bev, short events, void *arg)
 			 * handle it here, otherwise it will be lost. */
 			if (evbuffer_get_length(bufferevent_get_input(bev))) {
 				log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_bev_eventcb_child: evbuffer_get_length(inbuf) > 0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< CHILD TERM, fd=%d, pfd=%d\n", ctx->fd, parent->fd);
-				pxy_bev_readcb(bev, ctx);
+				pxy_bev_readcb_child(bev, ctx);
 			}
 			/* if the other end is still open and doesn't
 			 * have data to send, close it, otherwise its
diff --git a/pxythrmgr.c b/pxythrmgr.c
index 71d65a8..1ca6c50 100644
--- a/pxythrmgr.c
+++ b/pxythrmgr.c
@@ -90,7 +90,7 @@ pxy_thrmgr_print_child(pxy_conn_child_ctx_t *child_ctx, int count)
 	rv = asprintf(&msg, "thr=%d, cont=%d, src=%d, dst=%d, c=%d-%d, i=%d\n", 
 			child_ctx->parent->thr->thridx, count, child_ctx->src_fd, child_ctx->dst_fd, child_ctx->src.closed, child_ctx->dst.closed, child_ctx->idx);
 
-	log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> .......... pxy_thrmgr_print_child: %s\n", msg);
+	log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> .......... pxy_thrmgr_print_child: %s", msg);
 	if (child_ctx->parent->opts->statslog) {
 		if (log_stats_print_free(msg) == -1) {
 			free(msg);
@@ -141,7 +141,7 @@ pxy_thrmgr_print_thr_info(pxy_thr_ctx_t *tctx)
 				free(port);
 			}
 
-			log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> pxy_thrmgr_print_thr_info: %s\n", msg);
+			log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> pxy_thrmgr_print_thr_info: %s", msg);
 			
 			if (ctx->opts->statslog) {
 				if (log_stats_print_free(msg) == -1) {