Remove SSL proxy specific header line from the packet on the egress exit

Insert our header line right after the first header line in the packet in case the packet is fragmented, otherwise Squid is confused when it cannot find our header line in the first packet
This commit is contained in:
Soner Tari 2017-06-13 12:42:10 +03:00
parent ad63380b07
commit d71533f0b9

View File

@ -2084,23 +2084,37 @@ pxy_bev_readcb(struct bufferevent *bev, void *arg)
packet[packet_size] = '\0'; packet[packet_size] = '\0';
packet_size+= custom_field_len; packet_size+= custom_field_len;
char *pos = strstr(packet, "\r\n\r\n"); // XXX: We insert our special header line to each packet we get, right after the first \r\n, hence the target may get multiple copies
if (pos) { // TODO: To our header line to the first packet, should we look for GET/POST or Host header lines to insert our header field?
char *content = strdup(pos); // But there is no guarantie that they will exist, due to fragmentation
int header_len = pos - packet;
char *header = malloc(header_len + 1);
strncpy(header, packet, header_len);
header[header_len] = '\0';
snprintf(packet, packet_size, "%s%s%s", header, custom_field, content); // ATTENTION: We cannot append the ssl proxy address at the end of the packet or in between the header and the content,
// because (1) the packet may be just the first fragment split somewhere not appropriate for appending a header,
// and (2) there may not be any content
free(header); char *pos2 = strstr(packet, "\r\n");
free(content); if (pos2) {
char *header_tail = strdup(pos2);
int header_head_len = pos2 - packet;
char *header_head = malloc(header_head_len + 1);
strncpy(header_head, packet, header_head_len);
header_head[header_head_len] = '\0';
snprintf(packet, packet_size, "%s%s%s", header_head, custom_field, header_tail);
free(header_head);
free(header_tail);
} else {
log_dbg_printf(">>>>>,,,,,,,,,,,,,,,,,,,,,,, pxy_bev_readcb: No CRNL in packet\n");
packet_size-= custom_field_len;
packet_size++;
} }
free(custom_field); free(custom_field);
struct evbuffer *e2outbuf = bufferevent_get_output(ctx->e2src.bev); struct evbuffer *e2outbuf = bufferevent_get_output(ctx->e2src.bev);
// Decrement packet_size to avoid copying the null termination
int add_result = evbuffer_add(e2outbuf, packet, packet_size - 1); int add_result = evbuffer_add(e2outbuf, packet, packet_size - 1);
if (add_result < 0) { if (add_result < 0) {
log_err_printf("ERROR: evbuffer_add failed\n"); log_err_printf("ERROR: evbuffer_add failed\n");
@ -2222,7 +2236,8 @@ pxy_bev_readcb_e2(struct bufferevent *bev, void *arg)
} }
size_t packet_size = evbuffer_get_length(e2outbuf); size_t packet_size = evbuffer_get_length(e2outbuf);
char *packet = malloc(packet_size); // ATTENTION: +1 is for null termination
char *packet = malloc(packet_size + 1);
if (!packet) { if (!packet) {
ctx->enomem = 1; ctx->enomem = 1;
goto leave; goto leave;
@ -2236,6 +2251,32 @@ pxy_bev_readcb_e2(struct bufferevent *bev, void *arg)
log_err_printf("ERROR: evbuffer_remove cannot drain the buffer\n"); log_err_printf("ERROR: evbuffer_remove cannot drain the buffer\n");
} }
packet[packet_size] = '\0';
char *pos = strstr(packet, "SSLproxy-Addr: ");
if (pos) {
int header_head_len = pos - packet;
char *header_head = malloc(header_head_len + 1);
strncpy(header_head, packet, header_head_len);
header_head[header_head_len] = '\0';
char *pos2 = strstr(pos, "\r\n");
if (pos2) {
char *header_tail = strdup(pos2 + 2);
int header_tail_len = strlen(header_tail);
log_dbg_printf(">>>>>....................... pxy_bev_readcb_e2: REMOVED SSLproxy-Addr header field <<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
// ATTENTION: Do not add 1 to packet_size for null termination, do that in snprintf(),
// otherwise we get an extra byte in the outbuf
packet_size = header_head_len + header_tail_len;
snprintf(packet, packet_size + 1, "%s%s", header_head, header_tail);
free(header_tail);
}
free(header_head);
}
log_dbg_printf(">>>>>....................... pxy_bev_readcb_e2: bufferevent_get_output\n"); log_dbg_printf(">>>>>....................... pxy_bev_readcb_e2: bufferevent_get_output\n");
struct evbuffer *outbuf = bufferevent_get_output(ctx->dst.bev); struct evbuffer *outbuf = bufferevent_get_output(ctx->dst.bev);