Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add plain or ssl info to SSLproxy specific header line

Browse Source 
Fix child eof bug
Flickr keeps redirecting to https with 301 unless we remove the Via line of squid, so apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https
Also do not send the loopback address to the Internet
Other fixes
pull/13/head
Soner Tari 7 years ago
parent 67ddee1585
commit 2411f79582
2 changed files with 26 additions and 14 deletions
Show Stats Download Patch File Download Diff File

36
pxyconn.c
Unescape Escape View File

@ -455,7 +455,8 @@ pxy_conn_free(pxy_conn_ctx_t *ctx, int by_requestor)
pxy_conn_desc_t *src = &ctx->src; pxy_conn_desc_t *src = &ctx->src;
if (!src->closed) { if (!src->closed) {
if (src->bev) { if (src->bev) {
log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd src->bev, fd=%d\n", bufferevent_getfd(src->bev)); log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd src->bev, i:%zu o:%zu, fd=%d\n",
evbuffer_get_length(bufferevent_get_input(src->bev)), evbuffer_get_length(bufferevent_get_output(src->bev)), bufferevent_getfd(src->bev));
bufferevent_free_and_close_fd(src->bev, ctx); bufferevent_free_and_close_fd(src->bev, ctx);
src->bev = NULL; src->bev = NULL;
} else { } else {
@ -474,7 +475,8 @@ pxy_conn_free(pxy_conn_ctx_t *ctx, int by_requestor)
pxy_conn_desc_t *dst = &ctx->dst; pxy_conn_desc_t *dst = &ctx->dst;
if (dst->bev) { if (dst->bev) {
log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd dst->bev, fd=%d\n", bufferevent_getfd(dst->bev)); log_dbg_level_printf(LOG_DBG_MODE_FINER, ">############################# pxy_conn_free: bufferevent_free_and_close_fd dst->bev, i:%zu o:%zu, fd=%d\n",
evbuffer_get_length(bufferevent_get_input(dst->bev)), evbuffer_get_length(bufferevent_get_output(dst->bev)), bufferevent_getfd(dst->bev));
bufferevent_free_and_close_fd_nonssl(dst->bev, ctx); bufferevent_free_and_close_fd_nonssl(dst->bev, ctx);
dst->bev = NULL; dst->bev = NULL;
} }
@ -1349,8 +1351,8 @@ pxy_bufferevent_setup(pxy_conn_ctx_t *ctx, evutil_socket_t fd, SSL *ssl)
if (ssl) { if (ssl) {
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_bufferevent_setup: bufferevent_openssl_socket_new <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL\n"); log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_bufferevent_setup: bufferevent_openssl_socket_new <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL\n");
bev = bufferevent_openssl_socket_new(ctx->evbase, fd, ssl, bev = bufferevent_openssl_socket_new(ctx->evbase, fd, ssl,
((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), ((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS);
BEV_OPT_DEFER_CALLBACKS); // ((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), 0);
} else { } else {
// @todo Do we really need to defer callbacks? BEV_OPT_DEFER_CALLBACKS seems responsible for the issue with srv_dst: We get writecb sometimes, no eventcb for CONNECTED event // @todo Do we really need to defer callbacks? BEV_OPT_DEFER_CALLBACKS seems responsible for the issue with srv_dst: We get writecb sometimes, no eventcb for CONNECTED event
bev = bufferevent_socket_new(ctx->evbase, fd, BEV_OPT_DEFER_CALLBACKS); bev = bufferevent_socket_new(ctx->evbase, fd, BEV_OPT_DEFER_CALLBACKS);
@ -1395,8 +1397,10 @@ pxy_bufferevent_setup_child(pxy_conn_child_ctx_t *ctx, evutil_socket_t fd, SSL *
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_bufferevent_setup_child: bufferevent_openssl_socket_new <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL child\n"); log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_bufferevent_setup_child: bufferevent_openssl_socket_new <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL child\n");
bev = bufferevent_openssl_socket_new(ctx->parent->evbase, fd, ssl, bev = bufferevent_openssl_socket_new(ctx->parent->evbase, fd, ssl,
((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS); ((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS);
// ((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), 0);
} else { } else {
bev = bufferevent_socket_new(ctx->parent->evbase, fd, BEV_OPT_DEFER_CALLBACKS); bev = bufferevent_socket_new(ctx->parent->evbase, fd, BEV_OPT_DEFER_CALLBACKS);
// bev = bufferevent_socket_new(ctx->parent->evbase, fd, 0);
} }
if (!bev) { if (!bev) {
log_err_printf("Error creating bufferevent socket\n"); log_err_printf("Error creating bufferevent socket\n");
@ -1497,11 +1501,15 @@ pxy_http_reqhdr_filter_line(const char *line, pxy_conn_ctx_t *ctx, int child)
} }
return newhdr; return newhdr;
} else if (!strncasecmp(line, "Accept-Encoding:", 16) || } else if (!strncasecmp(line, "Accept-Encoding:", 16) ||
!strncasecmp(line, "Keep-Alive:", 11)) { !strncasecmp(line, "Keep-Alive:", 11) ||
return NULL; // @attention flickr keeps redirecting to https with 301 unless we remove the Via line of squid
} else if (child && !strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN)) { // Apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https
!strncasecmp(line, "Via:", 4) ||
// Also do not send the loopback address to the Internet
!strncasecmp(line, "X-Forwarded-For:", 16)) {
return NULL; return NULL;
} else if (child && !strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN)) { } else if (child && (!strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN) ||
!strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN))) {
return NULL; return NULL;
} else if (line[0] == '\0') { } else if (line[0] == '\0') {
ctx->seen_req_header = 1; ctx->seen_req_header = 1;
@ -1763,6 +1771,7 @@ pxy_conn_autossl_peek_and_upgrade(pxy_conn_ctx_t *ctx)
ctx->evbase, ctx->srv_dst.bev, ctx->srv_dst.ssl, ctx->evbase, ctx->srv_dst.bev, ctx->srv_dst.ssl,
BUFFEREVENT_SSL_CONNECTING, BUFFEREVENT_SSL_CONNECTING,
BEV_OPT_DEFER_CALLBACKS); BEV_OPT_DEFER_CALLBACKS);
// 0);
bufferevent_setcb(ctx->srv_dst.bev, pxy_bev_readcb, bufferevent_setcb(ctx->srv_dst.bev, pxy_bev_readcb,
pxy_bev_writecb, pxy_bev_eventcb, pxy_bev_writecb, pxy_bev_eventcb,
ctx); ctx);
@ -2374,7 +2383,7 @@ pxy_conn_connect_child(pxy_conn_child_ctx_t *ctx)
/* create server-side socket and eventbuffer */ /* create server-side socket and eventbuffer */
// Children rely on the findings of parent // Children rely on the findings of parent
if ((parent->spec->ssl || parent->clienthello_found) && !parent->passthrough) { if ((parent->spec->ssl || parent->clienthello_found) && !parent->passthrough) {
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_conn_connect_child: pxy_srcssl_create <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL\n"); log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_conn_connect_child: pxy_dstssl_create <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SSL\n");
ctx->dst.ssl = pxy_dstssl_create(parent); ctx->dst.ssl = pxy_dstssl_create(parent);
if (!ctx->dst.ssl) { if (!ctx->dst.ssl) {
log_dbg_level_printf(LOG_DBG_MODE_FINE, ">>>>> pxy_conn_connect_child: Error creating SSL ctx->dst.ssl, fd=%d\n", ctx->fd); log_dbg_level_printf(LOG_DBG_MODE_FINE, ">>>>> pxy_conn_connect_child: Error creating SSL ctx->dst.ssl, fd=%d\n", ctx->fd);
@ -2392,6 +2401,7 @@ pxy_conn_connect_child(pxy_conn_child_ctx_t *ctx)
parent->evbase, ctx->dst.bev, ctx->dst.ssl, parent->evbase, ctx->dst.bev, ctx->dst.ssl,
BUFFEREVENT_SSL_ACCEPTING, BUFFEREVENT_SSL_ACCEPTING,
BEV_OPT_DEFER_CALLBACKS); BEV_OPT_DEFER_CALLBACKS);
// 0);
if (ctx->dst.bev) { if (ctx->dst.bev) {
bufferevent_setcb(ctx->dst.bev, pxy_bev_readcb_child, pxy_bev_writecb_child, pxy_bev_eventcb_child, ctx); bufferevent_setcb(ctx->dst.bev, pxy_bev_readcb_child, pxy_bev_writecb_child, pxy_bev_eventcb_child, ctx);
} }
@ -2553,6 +2563,7 @@ pxy_connected_enable(struct bufferevent *bev, pxy_conn_ctx_t *ctx, char *event_n
ctx->evbase, ctx->src.bev, ctx->src.ssl, ctx->evbase, ctx->src.bev, ctx->src.ssl,
BUFFEREVENT_SSL_ACCEPTING, BUFFEREVENT_SSL_ACCEPTING,
BEV_OPT_DEFER_CALLBACKS); BEV_OPT_DEFER_CALLBACKS);
// 0);
} else { } else {
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_connected_enable: SETUP src.bev fd=%d\n", fd); log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_connected_enable: SETUP src.bev fd=%d\n", fd);
ctx->src.bev = pxy_bufferevent_setup(ctx, fd, ctx->src.ssl); ctx->src.bev = pxy_bufferevent_setup(ctx, fd, ctx->src.ssl);
@ -2697,13 +2708,14 @@ pxy_connected_enable(struct bufferevent *bev, pxy_conn_ctx_t *ctx, char *event_n
} }
snprintf(ctx->child_addr_str, addr_len, "%s [%s]:%u", SSLPROXY_ADDR_KEY, addr, ntohs(child_listener_addr.sin_port)); snprintf(ctx->child_addr_str, addr_len, "%s [%s]:%u", SSLPROXY_ADDR_KEY, addr, ntohs(child_listener_addr.sin_port));
int src_addr_len = SSLPROXY_SRCADDR_KEY_LEN + 1 + strlen(ctx->srchost_str) + strlen(ctx->srcport_str) + 3 + 1; // SSLproxy-SrcAddr: [192.168.3.23]:49260,s
int src_addr_len = SSLPROXY_SRCADDR_KEY_LEN + 2 + strlen(ctx->srchost_str) + 2 + strlen(ctx->srcport_str) + 1 + 1 + 1;
ctx->src_addr_str = malloc(src_addr_len); ctx->src_addr_str = malloc(src_addr_len);
if (!ctx->src_addr_str) { if (!ctx->src_addr_str) {
pxy_conn_free(ctx, 1); pxy_conn_free(ctx, 1);
return 0; return 0;
} }
snprintf(ctx->src_addr_str, src_addr_len, "%s [%s]:%s", SSLPROXY_SRCADDR_KEY, ctx->srchost_str, ctx->srcport_str); snprintf(ctx->src_addr_str, src_addr_len, "%s [%s]:%s,%s", SSLPROXY_SRCADDR_KEY, ctx->srchost_str, ctx->srcport_str, ctx->spec->ssl ? "s":"p");
log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>=================================== pxy_connected_enable: ENABLE src, child_addr= %s, fd=%d, child_fd=%d\n", ctx->child_addr_str, fd, ctx->child_fd); log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>=================================== pxy_connected_enable: ENABLE src, child_addr= %s, fd=%d, child_fd=%d\n", ctx->child_addr_str, fd, ctx->child_fd);
@ -3179,7 +3191,7 @@ pxy_bev_eventcb_child(struct bufferevent *bev, short events, void *arg)
* handle it here, otherwise it will be lost. */ * handle it here, otherwise it will be lost. */
if (evbuffer_get_length(bufferevent_get_input(bev))) { if (evbuffer_get_length(bufferevent_get_input(bev))) {
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_bev_eventcb_child: evbuffer_get_length(inbuf) > 0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< CHILD TERM, fd=%d, pfd=%d\n", ctx->fd, parent->fd); log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_bev_eventcb_child: evbuffer_get_length(inbuf) > 0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< CHILD TERM, fd=%d, pfd=%d\n", ctx->fd, parent->fd);
pxy_bev_readcb(bev, ctx); pxy_bev_readcb_child(bev, ctx);
} }
/* if the other end is still open and doesn't /* if the other end is still open and doesn't
* have data to send, close it, otherwise its * have data to send, close it, otherwise its

4
pxythrmgr.c
Unescape Escape View File

@ -90,7 +90,7 @@ pxy_thrmgr_print_child(pxy_conn_child_ctx_t *child_ctx, int count)
rv = asprintf(&msg, "thr=%d, cont=%d, src=%d, dst=%d, c=%d-%d, i=%d\n", rv = asprintf(&msg, "thr=%d, cont=%d, src=%d, dst=%d, c=%d-%d, i=%d\n",
child_ctx->parent->thr->thridx, count, child_ctx->src_fd, child_ctx->dst_fd, child_ctx->src.closed, child_ctx->dst.closed, child_ctx->idx); child_ctx->parent->thr->thridx, count, child_ctx->src_fd, child_ctx->dst_fd, child_ctx->src.closed, child_ctx->dst.closed, child_ctx->idx);
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> .......... pxy_thrmgr_print_child: %s\n", msg); log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> .......... pxy_thrmgr_print_child: %s", msg);
if (child_ctx->parent->opts->statslog) { if (child_ctx->parent->opts->statslog) {
if (log_stats_print_free(msg) == -1) { if (log_stats_print_free(msg) == -1) {
free(msg); free(msg);
@ -141,7 +141,7 @@ pxy_thrmgr_print_thr_info(pxy_thr_ctx_t *tctx)
free(port); free(port);
} }
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> pxy_thrmgr_print_thr_info: %s\n", msg); log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>> pxy_thrmgr_print_thr_info: %s", msg);
if (ctx->opts->statslog) { if (ctx->opts->statslog) {
if (log_stats_print_free(msg) == -1) { if (log_stats_print_free(msg) == -1) {

Write Preview
Loading…
Cancel
Save