On Tue, Nov 25, 2008 at 08:06:31PM +0100, Juliusz Chroboczek wrote:

> > A second thing, I have successfully applied my tunneling patches to this
> > version of polipo. Works perfectly - any chance to integrate this to
> > polipo? 
> 
> You'll have to remind me what that's about.

Tunnel blocking: selectively block tunneled connections through polipo.
Obviously it can only filter on host names and ports, not on URL or path
information.
Tested with https connections, but it might work for anything. I will add
documentation if you decide to integrate it.

Here is my "forbiddenTunnels" file as an example:

.*google-analytics\.com

www.googleadservices.com
www.massfuel.com
www.halfvalue.com

\.hitbox\.
\.liveperson\.
\.atdmt\.com
.*doubleclick\.net
.*webtrekk\.de
^count\..*
.*\.offerstrategy\.com
.*\.ivwbox\.de
.*adwords.*
.*\.sitestat\.com
\.xiti\.com
webtrekk\..*

Richard
--- polipo-1.0.0/tunnel.c.rz    2007-03-06 20:29:05.000000000 +0100
+++ polipo-1.0.0/tunnel.c       2007-11-28 20:20:20.000000000 +0100
@@ -151,6 +151,13 @@
     }
     tunnel->port = port;
     
+    if (tunnelIsMatched(url->string, url->length, 
+                       tunnel->hostname->string, tunnel->hostname->length)) {
+        releaseAtom(url);
+        tunnelError(tunnel, 404, internAtom("Forbidden tunnel"));
+        return;
+    }
+
     releaseAtom(url);
 
     if(socksParentProxy)
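Review bot: The rejection path answers with status 404 although the message says "Forbidden tunnel", so clients and access logs see a policy block as a missing resource. Status 403 matches the decision and lets blocked CONNECT requests be told apart from genuine lookup failures: `tunnelError(tunnel, 403, internAtom("Forbidden tunnel"));`. The enclosing function starts and ends outside the hunk.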
--- polipo-1.0.0/forbidden.c.rz 2007-03-06 20:29:05.000000000 +0100
+++ polipo-1.0.0/forbidden.c    2007-11-28 20:20:20.000000000 +0100
@@ -45,6 +45,11 @@
 DomainPtr *uncachableDomains = NULL;
 regex_t *uncachableRegex = NULL;
 
+AtomPtr forbiddenTunnelsFile = NULL;
+DomainPtr *forbiddenTunnelsDomains = NULL;
+regex_t *forbiddenTunnelsRegex = NULL;
+
+
 /* these three are only used internally by {parse,read}DomainFile */
 /* to avoid having to pass it all as parameters */
 static DomainPtr *domains;
@@ -82,6 +87,9 @@
 #endif
     CONFIG_VARIABLE_SETTABLE(uncachableFile, CONFIG_ATOM, atomSetterForbidden,
                              "File specifying uncachable URLs.");
+
+    CONFIG_VARIABLE_SETTABLE(forbiddenTunnelsFile, CONFIG_ATOM, 
atomSetterForbidden,
+                             "File specifying forbidden tunnels.");
 }
 
 static int
@@ -331,9 +339,52 @@
 
     parseDomainFile(uncachableFile, &uncachableDomains, &uncachableRegex);
 
+//
+    if(forbiddenTunnelsFile)
+        forbiddenTunnelsFile = expandTilde(forbiddenTunnelsFile);
+
+    if(forbiddenTunnelsFile == NULL) {
+        forbiddenTunnelsFile = 
expandTilde(internAtom("~/.polipo-forbiddenTunnels"));
+        if(forbiddenTunnelsFile) {
+            if(access(forbiddenTunnelsFile->string, F_OK) < 0) {
+                releaseAtom(forbiddenTunnelsFile);
+                forbiddenTunnelsFile = NULL;
+            }
+        }
+    }
+
+    if(forbiddenTunnelsFile == NULL) {
+        if(access("/etc/polipo/forbiddenTunnels", F_OK) >= 0)
+            forbiddenTunnelsFile = internAtom("/etc/polipo/forbiddenTunnels");
+    }
+
+    parseDomainFile(forbiddenTunnelsFile, &forbiddenTunnelsDomains, 
&forbiddenTunnelsRegex);
+//
+
     return;
 }
 
+int 
+tunnelIsMatched(char *url, int lurl, char *hostname, int lhost)
+{
+  DomainPtr *domain, *domains;
+
+  domains=forbiddenTunnelsDomains;
+  if (domains) {
+    domain = domains;
+    while(*domain) {
+      if (memcmp(hostname, (*domain)->domain, (*domain)->length)==0)
+       return 1;
+      domain++;
+    }
+  }
+  if(forbiddenTunnelsRegex) {
+    if(!regexec(forbiddenTunnelsRegex, url, 0, NULL, 0))
+      return 1;
+  }
+  return 0;
+}
+
 int
 urlIsMatched(char *url, int length, DomainPtr *domains, regex_t *regex)
 {
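Review bot: In tunnelIsMatched the domain test `memcmp(hostname, (*domain)->domain, (*domain)->length)` never consults `lhost`, so it reads past the end of `hostname` whenever the requested host is shorter than a list entry. It is also a prefix test, so the entry `www.massfuel.com` blocks `www.massfuel.com.example.org` as well (constructed name). Guard the compare with the length, `if (lhost == (*domain)->length && memcmp(hostname, (*domain)->domain, lhost) == 0)`, or, if prefix matching is intended, say so in a comment and require `lhost >= (*domain)->length`. The compare is case-sensitive, so unless the host is lower-cased before this call (not visible here) an upper-case spelling of a listed name would not match. `lurl` is unused, and `regexec` depends on `url` being NUL-terminated, which deserves a comment on the prototype.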
--- polipo-1.0.0/forbidden.h.rz 2007-11-28 20:22:38.000000000 +0100
+++ polipo-1.0.0/forbidden.h    2007-11-28 20:22:55.000000000 +0100
@@ -46,3 +46,5 @@
 void redirectorTrigger(void);
 int 
 runRedirector(pid_t *pid_return, int *read_fd_return, int *write_fd_return);
+
+int tunnelIsMatched(char *url, int lurl, char *hostname, int lhost);
--- polipo-20080907/local.c.rz2 2008-09-07 23:21:20.000000000 +0200
+++ polipo-20080907/local.c     2008-11-29 18:10:57.000000000 +0100
@@ -132,6 +132,12 @@
     listServers(out);
 }
 
+static void
+tunnelsList(FILE *out, char *dummy)
+{
+    listTunnels(out);
+}
+
 static int
 matchUrl(char *base, ObjectPtr object)
 {
@@ -186,6 +192,7 @@
                      "<p><a href=\"status?\">Status report</a>.</p>\n"
                      "<p><a href=\"config?\">Current configuration</a>.</p>\n"
                      "<p><a href=\"servers?\">Known servers</a>.</p>\n"
+                     "<p><a href=\"tunnels?\">Tunnels</a>.</p>\n"
 #ifndef NO_DISK_CACHE
                      "<p><a href=\"index?\">Disk cache index</a>.</p>\n"
 #endif
@@ -286,6 +293,10 @@
         }
         fillSpecialObject(object, serversList, NULL);
         object->expires = current_time.tv_sec + 2;
+    }
+    else if(matchUrl("/polipo/tunnels", object)) {
+      fillSpecialObject(object, tunnelsList, NULL);
+      object->expires = current_time.tv_sec + 2;
     } else {
         abortObject(object, 404, internAtom("Not found"));
     }
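Review bot: The new `/polipo/tunnels` branch serves its page to anyone who can reach the local web interface, and that page lists every host name clients have asked to CONNECT to, blocked ones included. The closing brace just before the `serversList` call suggests that branch sits behind a check that lies outside this hunk; the tunnels branch should get an equivalent switch so the list can be turned off, answering through `abortObject` when it is disabled. The `}` followed by `else if` on its own line, and the two-space indent, also depart from the `} else {` style of the surrounding code.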
--- polipo-20080907/tunnel.c.rz2        2008-11-29 18:10:57.000000000 +0100
+++ polipo-20080907/tunnel.c    2008-11-29 18:13:04.000000000 +0100
@@ -22,6 +22,15 @@
 
 #include "polipo.h"
 
+typedef struct _TunnelList {
+  char *hostname;
+  int port;
+  int connections;
+  struct _TunnelList *next;
+} TunnelList;
+
+TunnelList * tunnels=NULL;
+
 #ifdef NO_TUNNEL
 
 void
@@ -75,6 +84,39 @@
      return buf->head == buf->tail;
 }
 
+static void
+addListTunnel(TunnelPtr tunnel, int blocked)
+{
+  TunnelList *te, *tl, **p;
+
+  tl=tunnels;
+  p = &tunnels;
+  while(tl)
+    {
+      p=&(tl->next);
+      if (strncmp(tl->hostname, tunnel->hostname->string,
+                 tunnel->hostname->length) == 0 &&
+         tl->port == tunnel->port) {
+       if (!blocked)
+         tl->connections++;
+       return;
+      }
+      tl=tl->next;
+    }
+  
+  te = malloc(sizeof(TunnelList));
+  *p=te;
+
+  te->hostname = strndup(tunnel->hostname->string, tunnel->hostname->length);
+  te->port = tunnel->port;
+  te->next = NULL;
+  if (blocked)
+    te->connections=0;
+  else
+    te->connections=1;
+  printf("adding server %s %d\n", te->hostname, te->port);
+}
+
 static TunnelPtr
 makeTunnel(int fd, char *buf, int offset, int len)
 {
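Review bot: addListTunnel uses the results of `malloc` and `strndup` without checking them and links the new node into the list before it is initialised, so an allocation failure crashes the proxy or leaves a half-built entry reachable. The lookup uses `strncmp` bounded by the request host's length, which treats a stored `example.com.other` as equal to a request for `example.com` (constructed names); comparing the lengths first makes the match exact. The list gains one node per distinct host and port and is never freed, so its size is driven by client requests and needs a cap or eviction policy. The `printf("adding server ...")` line writes to stdout for every new entry and should be removed or routed through the project's logging.

```c
static void
addListTunnel(TunnelPtr tunnel, int blocked)
{
  /* … unchanged: declarations, tl and p initialisation … */
  while(tl)
    {
      p=&(tl->next);
      if (strlen(tl->hostname) == (size_t)tunnel->hostname->length &&
          memcmp(tl->hostname, tunnel->hostname->string,
                 tunnel->hostname->length) == 0 &&
          tl->port == tunnel->port) {
        /* … unchanged: bump connections unless blocked, then return … */
      }
      tl=tl->next;
    }

  te = malloc(sizeof(TunnelList));
  if (te == NULL)
    return;
  te->hostname = strndup(tunnel->hostname->string, tunnel->hostname->length);
  if (te->hostname == NULL) {
    free(te);
    return;
  }
  /* … unchanged: port, next and connections assignments … */
  *p=te;  /* link the node only once it is fully initialised */
}
```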
@@ -155,14 +197,17 @@
         return;
     }
     tunnel->port = port;
-    
+
     if (tunnelIsMatched(url->string, url->length, 
                        tunnel->hostname->string, tunnel->hostname->length)) {
         releaseAtom(url);
         tunnelError(tunnel, 404, internAtom("Forbidden tunnel"));
+       addListTunnel(tunnel,1);
         return;
     }
 
+    addListTunnel(tunnel,0);
+
     releaseAtom(url);
 
     if(socksParentProxy)
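Review bot: `addListTunnel(tunnel,1)` runs after `tunnelError(tunnel, 404, ...)`, so it reads `tunnel->hostname` and `tunnel->port` once the error path has already been handed the tunnel. If tunnelError can release the tunnel on any of its paths (its body is not visible here), this is a use after free; recording the entry first removes the question, i.e. put `addListTunnel(tunnel,1);` ahead of `releaseAtom(url);` in the blocked branch. The added line is also indented differently from its neighbours. The enclosing function extends beyond the hunk.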
@@ -549,3 +594,60 @@
     return 1;
 }
 #endif
+
+void
+listTunnels(FILE *out)
+{
+    TunnelList *tunnel;
+    int entry;
+
+    fprintf(out, "<!DOCTYPE HTML PUBLIC "
+            "\"-//W3C//DTD HTML 4.01 Transitional//EN\" "
+            "\"http://www.w3.org/TR/html4/loose.dtd\";>\n"
+            "<html><head>\n"
+            "\r\n<title>Tunnels</title>\n"
+           "</head><body>\n"
+           "<h1>Allowed Tunnels</h1>\n");
+
+    alternatingHttpStyle(out, "tunnels");
+    fprintf(out, "<table id=tunnels>\n");
+    fprintf(out, "<thead><tr><th>Server</th>"
+            "<th>Port</th><th>Connections</th>"
+            "</tr></thead>\n");
+    fprintf(out, "<tbody>\n");
+    tunnel = tunnels;
+    entry = 0;
+    while(tunnel) {
+      if (tunnel->connections>0){
+        fprintf(out, "<tr class=\"%s\">", entry % 2 == 0 ? "even" : "odd");
+       fprintf(out, "<td>%s</td><td>%d</td>", tunnel->hostname, tunnel->port);
+       fprintf(out, "<td>%d</td>", tunnel->connections);
+        fprintf(out, "</tr>\n");
+      }
+      tunnel = tunnel->next;
+      entry++;
+    }
+    fprintf(out, "</tbody></table>\n");
+
+    fprintf(out, "<h1>Blocked Tunnels</h1>\n");
+    fprintf(out, "<table id=tunnels>\n");
+    fprintf(out, "<thead><tr><th>Server</th>"
+            "<th>Port</th>"
+            "</tr></thead>\n");
+    fprintf(out, "<tbody>\n");
+    tunnel = tunnels;
+    entry = 0;
+    entry = 0;
+    while(tunnel) {
+      if (tunnel->connections==0){
+        fprintf(out, "<tr class=\"%s\">", entry % 2 == 0 ? "even" : "odd");
+       fprintf(out, "<td>%s</td><td>%d</td>", tunnel->hostname, tunnel->port);
+        fprintf(out, "</tr>\n");
+      }
+      tunnel = tunnel->next;
+      entry++;
+    }
+    fprintf(out, "</tbody></table>\n");
+    fprintf(out, "<p><a href=\"/polipo/\">back</a></p>");
+    fprintf(out, "</body></html>\n");
+}
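Review bot: listTunnels writes `tunnel->hostname` into the page with a bare `%s` in both tables, and that string is copied from the client's CONNECT request. Unless the request parser restricts the host to characters that are inert in HTML (not visible in this patch), markup in a requested name would be rendered in the browser of whoever opens the status page, so the name should be HTML-escaped before it is printed. Smaller points: `loose.dtd\";>` carries a stray `;`, both tables use `id=tunnels` although ids must be unique, `entry = 0;` is repeated, and `entry++` sits outside the `if`, so the even/odd striping follows list position rather than the rows actually printed.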
--- polipo-20080907/tunnel.h.rz2        2008-09-07 23:21:20.000000000 +0200
+++ polipo-20080907/tunnel.h    2008-11-29 18:10:57.000000000 +0100
@@ -47,4 +47,4 @@
 
 void do_tunnel(int fd, char *buf, int offset, int len, AtomPtr url);
 
-
+void listTunnels(FILE *out);