debian/0000755000000000000000000000000012222344003007156 5ustar debian/postrm0000644000000000000000000000054312222336271010437 0ustar #!/bin/sh # # postrm script for ffproxy # set -e if [ "$1" = "purge" ]; then if which ucf >/dev/null; then ucf --purge /etc/ffproxy/ffproxy.conf fi if which ucfr >/dev/null; then ucfr --purge ffproxy /etc/ffproxy/ffproxy.conf fi if [ -d /etc/ffproxy ]; then rm -rf /etc/ffproxy fi fi #DEBHELPER# exit 0 debian/source.lintian-overrides0000644000000000000000000000010211657565177014063 0ustar ffproxy source: package-needs-versioned-debhelper-build-depends 9 debian/watch0000644000000000000000000000011711074351331010214 0ustar version=3 http://ffproxy.sourceforge.net/ffproxy/ffproxy-([.0-9]*)\.tar\.gz debian/init.d0000644000000000000000000000710311711014013010264 0ustar #!/bin/sh # # ffproxy This init.d script is used to start ffproxy # ### BEGIN INIT INFO # Provides: ffproxy # Required-Start: $remote_fs $network $syslog # Required-Stop: $remote_fs $network $syslog # Should-Start: $named # Should-Stop: $named # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start, stop or reload ffproxy # Description: ffproxy is a light and customizable http(s) proxy server ### END INIT INFO # Edit /etc/default/ffproxy to change this. FFPROXY_START=yes FFPROXY_USECHROOT=yes FFPROXY_USER=nobody FFPROXY_GROUP=nogroup FFPROXY_OPTS= # Do not edit vars below FFPROXY_CHROOT=/var/lib/ffproxy FFPROXY_CONFDIR=/etc/ffproxy FFPROXY_PID=/var/run/ffproxy.pid PATH=/sbin:/bin:/usr/sbin:/usr/bin FFPROXY=/usr/bin/ffproxy NAME=ffproxy DESC="http(s) proxy server" VERBOSE=no if [ ! -x "$FFPROXY" ]; then exit 0 fi # loading lsb functions . /lib/lsb/init-functions # Override root's umask while invoking this script umask 0022 # Include ffproxy defaults if available if [ -f /etc/default/ffproxy ]; then . /etc/default/ffproxy fi # Include rcS defaults if [ -f /etc/default/rcS ]; then . /etc/default/rcS fi if [ "$FFPROXY_START" = "no" ] && [ "$1" != "stop" ]; then if [ "$VERBOSE" != "no" ]; then log_daemon_msg "Not starting ffproxy - edit /etc/default/ffproxy and change FFPROXY_START to be 'yes'." fi exit 0 fi update_chroot() { if [ ! -d "$FFPROXY_CHROOT" ]; then mkdir -p "$FFPROXY_CHROOT" fi for f in /etc/localtime /etc/hosts /etc/resolv.conf /etc/nsswitch.conf \ $(find "$FFPROXY_CONFDIR" -type f) /lib/*/libns*so* /lib/*/libresolv*so* ; do d=$(dirname "$f") if [ ! -d "$FFPROXY_CHROOT/$d" ]; then mkdir -p "$FFPROXY_CHROOT/$d" fi if [ -e "$FFPROXY_CHROOT/$f" ]; then rm -f "$FFPROXY_CHROOT/$f" fi cp "$f" "$FFPROXY_CHROOT/$f" done } delete_chroot() { rm -rf "$FFPROXY_CHROOT" } do_start() { if [ "$FFPROXY_USECHROOT" = "yes" ]; then update_chroot FFPROXY_OPTS="$FFPROXY_OPTS -r $FFPROXY_CHROOT -D $FFPROXY_CONFDIR" else FFPROXY_OPTS="$FFPROXY_OPTS -D $FFPROXY_CONFDIR" fi if [ -n "$FFPROXY_USER" ] && [ -n "$FFPROXY_GROUP" ]; then FFPROXY_OPTS="$FFPROXY_OPTS -u $FFPROXY_USER -g $FFPROXY_GROUP" fi log_daemon_msg "Starting $DESC" log_progress_msg "$NAME" start_daemon -p $FFPROXY_PID $FFPROXY $FFPROXY_OPTS RET=$? log_end_msg $RET return $RET } do_reload() { log_daemon_msg "Reloading $DESC" log_progress_msg "$NAME" if [ "$FFPROXY_USECHROOT" = "yes" ]; then update_chroot fi killproc -p $FFPROXY_PID $FFPROXY SIGHUP RET=$? log_end_msg $RET return $RET } do_stop() { log_daemon_msg "Stopping $DESC" log_progress_msg "$NAME" if [ -d "$FFPROXY_CHROOT" ]; then delete_chroot fi start-stop-daemon --stop --quiet --oknodo --pidfile $FFPROXY_PID RET=$? log_end_msg $? return $RET } do_status() { status_of_proc -p "$FFPROXY_PID" "$(basename "$FFPROXY")" "$NAME" RET=$? return $RET } case "$1" in start) do_start || exit $? ;; stop) do_stop || exit $? ;; reload|force-reload) do_reload || exit $? ;; restart) do_stop sleep 5 do_start || exit $? ;; status) do_status || exit $? ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2 exit 1 ;; esac exit 0 debian/control0000644000000000000000000000172612222340114010566 0ustar Source: ffproxy Section: net Priority: optional Maintainer: Emmanuel Bouthenot Build-Depends: debhelper (>= 8.9.0), autotools-dev Standards-Version: 3.9.4 Vcs-Git: git://anonscm.debian.org/users/kolter/ffproxy.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=users/kolter/ffproxy.git Homepage: http://ffproxy.sourceforge.net/ Package: ffproxy Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, lsb-base (>= 3.0-3), ucf (>= 0.08) Description: Light and customizable http(s) proxy server with ipv6 support ffproxy is a filtering HTTP/HTTPS proxy server. - It is able to filter by host, URL, and header. - Custom header entries can be filtered and added. - It can even drop its privileges and be chrooted. - Logging to syslog() is supported. - It can use another auxiliary proxy server. - HTTP accelerator feature (acting as front-end to a HTTP server) is included. - It allows transparent IPv6 over IPv4 browsing (and vice versa). debian/ffproxy.conf.debian0000644000000000000000000000712111074351331012752 0ustar # # Debianized configuration file for ffproxy(8) # (version 1.6) # # lines starting with '#' are comments # number of child processes, # that is, the maximum number of concurrent requests # (default: 10) child_processes 10 # ffproxy binds to any IPv4 address # and any IPv6 address by default # # bind to IPv4? (default: yes) #bind_ipv4 no bind_ipv4 yes # bind to IPv6? (default: yes) bind_ipv6 no #bind_ipv6 yes # # Hostname or IP to bind to # (default is any IP) # #bind_ipv4_host 192.168.10.1 #bind_ipv4_host martyr.burden.eu.org #bind_ipv6_host ::1 #bind_ipv6_host oz.burden.eu.org # listen on port # (default: 8080) #port 1111 port 8080 # use IPv6 when contacting servers? # (default: yes) use_ipv6 no #use_ipv6 yes # use syslog? # (default: yes) #use_syslog no use_syslog yes # log all requests? # (default: no) # to use, set also use_syslog to yes #log_all_requests yes log_all_requests no # forward to proxy (auxiliary proxy) # (set `forward_proxy_port 0' to explicitly disable feature # (i.e, when reloading configuration file via SIGHUP)) # (disabled by default) #forward_proxy blackness.burden.eu.org #forward_proxy 192.168.10.5 #forward_proxy ::1 #forward_proxy_port 8082 forward_proxy_port 0 # try IPv6 for auxiliary proxy? # use_ipv6 must be set to yes, too # (default: yes) #forward_proxy_ipv6 no forward_proxy_ipv6 yes # http accelerator # (disabled by default) # # if you want to use ffproxy as http accelerator (that is, connecting # to just one http server and beeing used as front-end to that, e.g. # in DMZ) uncomments options below (port is optional, defaults to 80) # (set `accel_port 0' to explicitly disable feature # (i.e, when reloading configuration file via SIGHUP)) #accel_host 10.254.1.2 #accel_host revelation.martyr.eu.org #accel_port 80 accel_port 0 # # Omit Host: accel_host:accel_port in Header # to provide own Host: header via db/filter.header.add? # (default: yes) #accel_user_host no accel_user_host yes # keep alive on client to proxy connections # (enabled by default) #use_keep_alive no use_keep_alive yes # allow CONNECT request to other than port 443 (HTTPS) # (CONNECT enables HTTPS proxying) # (disabled by default for security) #unrestricted_connect yes unrestricted_connect no # timeout for CONNECT requests in seconds # (default: 5) #timeout_connect 20 timeout_connect 5 # backlog size for accept() # (default: 4) #backlog_size 16 backlog_size 4 ###################################################### # Debian config : # --------------- # do not modify values below unless you now what you # know what you are doing, if modified it will break # init script ###################################################### # run as daemon? # (default: no) daemonize yes #daemonize no # change UID and GID # # to use, both uid and gid must be set # (disabled by default) #uid proxy #gid proxy #uid 37 #gid 38 # change root to (only in connection with uid and gid change) # /etc/resolv.conf might need to be copied # to chroot_dir/etc/resolv.conf # (disabled by default) #chroot_dir /path/to/chroot # path to db/ and html/ directories # (default: _BASE_) # (Note: if ffproxy runs chrooted, # give a path name relative to new root, or, # if db_files_path is the same as root, use db_files_path ./ # You have to start ffproxy in the new root directory, # otherwise it won't find the database files. # Please keep in mind that ffproxy's config file has to # be within chroot directory, otherwise it will not find # its config file on reload) #db_files_path ./ # directory to store file ffproxy.pid (with ffproxy pid inside) # (default: /var/run) #pid_dir /tmp #pid_dir /var/run # end of file debian/README.source0000644000000000000000000000065511256237424011361 0ustar ffproxy for Debian ------------------ This package uses quilt to manage all modifications to the upstream source. Changes are stored in the source package as diffs in debian/patches and applied during the build. Please see: /usr/share/doc/quilt/README.source for more information on how to apply the patches, modify patches, or remove a patch. -- Emmanuel Bouthenot , Tue, 22 Sep 2009 21:18:12 +0000 debian/default0000644000000000000000000000052311657767714010562 0ustar # Defaults for ffproxy initscript # sourced by /etc/init.d/ffproxy # yes = start on boot; no = don't start on boot FFPROXY_START=yes # yes = chroot daemon; no = no chroot FFPROXY_USECHROOT=yes # daemon will drop its privileges? FFPROXY_USER=nobody FFPROXY_GROUP=nogroup # Additional options that are passed to the Daemon FFPROXY_OPTS= debian/source/0000755000000000000000000000000011511143467010471 5ustar debian/source/format0000644000000000000000000000001411511143467011677 0ustar 3.0 (quilt) debian/postinst0000644000000000000000000000051212222336235010772 0ustar #!/bin/sh # # postinst script for ffproxy # set -e if [ "$1" = "configure" ]; then if which ucf >/dev/null; then ucf /usr/share/ffproxy/ffproxy.conf.debian \ /etc/ffproxy/ffproxy.conf fi if which ucfr >/dev/null; then ucfr ffproxy /etc/ffproxy/ffproxy.conf fi fi #DEBHELPER# exit 0 debian/install0000644000000000000000000000021712222311542010551 0ustar usr/bin/ffproxy usr/share/ffproxy/db/* etc/ffproxy/db/ usr/share/ffproxy/html/* etc/ffproxy/html/ debian/ffproxy.conf.debian usr/share/ffproxy debian/README.Debian0000644000000000000000000000175011657700712011240 0ustar ffproxy for Debian ------------------ - ffproxy for debian include a patch which add minor feature and fix a bug: This patch (01_add_piddir.dpatch): - make possible to set (command line or config file) a directory to store the ffproxy.pid file when ffproxy daemonize() or not. The default behaviour was to create the ffproxy.pid file in /usr/share/ffproxy only in daemonize mode. - This patch fix a bug which appears when ffproxy drop its privileges for any user/group, and when it is in daemonize mode, ffproxy can't write its pid file (ffproxy.pid) in the /usr/share/ffproxy directory because of wrong permissions. - Traffic rules: By default, ffproxy does not allow any traffic. You have to take a look at ffproxy.quick manpage to configure access to the proxy. Take a look at /etc/ffproxy/db/access.ip and /etc/ffproxy/db/access.host setup access. -- Emmanuel Bouthenot Sun, 30 Oct 2011 23:54:12 +0000 debian/changelog0000644000000000000000000001047512222343614011046 0ustar ffproxy (1.6-11) unstable; urgency=low * Move ffproxy.conf template from /usr/share/doc/ffproxy to /usr/share/ffproxy to fix a Debian Policy violation (Closes: #710191) * Bump Standards-Version to 3.9.4 * Add a patch to fix a segfault when logging requests in syslog with log_all_requests=yes and unrestricted_connect=yes. Thanks to Antoni Villalonga for the patch (Closes: #702041) -- Emmanuel Bouthenot Mon, 30 Sep 2013 18:48:38 +0000 ffproxy (1.6-10) unstable; urgency=low * Add a patch to fix HTTP headers parser while receiving multibytes chars. Thanks to Paul Merrill for the patch. (Closes: #661425) * Bump Standards-Version to 3.9.3 (no changes) * Update debian/copyright regarding the last patches included -- Emmanuel Bouthenot Sat, 24 Mar 2012 09:24:00 +0000 ffproxy (1.6-9) unstable; urgency=low * Fix files owner/group from nobody to root while running ffproxy inside a chroot (Closes: #655578). Thanks to Stephane Chazelas for the bug report and the patch * Update some LSB init script fields (Short-Description and Description) -- Emmanuel Bouthenot Sat, 28 Jan 2012 15:27:05 +0000 ffproxy (1.6-8) unstable; urgency=low * Fix an issue with dns resolution in ffproxy chroot due to recent multi arch changes (Closes: #645237) * Major rewrite of init script * Bump Standards-Version to 3.9.2 (no changes) * Fix spelling error in manpage * Update short description (tiny changes) * Update debian/rules with dh9 features * Fix some typos in README.Debian * Update Vcs-Git and Vcs-Browser fields * Switch debian/copyright to DEP5 format * Switch patches to DEP3 format * Fix typo in default file (LP: #592615) -- Emmanuel Bouthenot Sun, 30 Oct 2011 16:43:36 +0000 ffproxy (1.6-7) unstable; urgency=low * Update maintainer email. * Bump Standards-Version to 3.9.1 (no changes). * Switch to dpkg-source 3.0 (quilt) format. * Update Vcs-Git and Vcs-Browser fields. * Update copyright file (new year changes, maintainer email update). * Add a patch to fix spelling errors in manpages. * Fix “Default-Stop” field in init script LSB headers. * Remove unneeded DMUA field. -- Emmanuel Bouthenot Wed, 05 Jan 2011 19:28:24 +0000 ffproxy (1.6-6) unstable; urgency=low * Clean and minify debian/rules thanks to dh 7 overrides. * Fix incorrects runlevels and depends in init.d script (Closes: #541865) * Add missing ${misc:Depends}. * Bump Standards-Version to 3.8.3. * Refresh patches (add description). * Add file README.source. * Minor updates on debian/copyright. * Add a patch which fixes lintian warnings about hyphens in manpages. * Add a patch which fix a FTBFS with (e)glibc 2.10. Thanks to Nicolas Van Wambeke from Ubuntu for its patch (Closes: #547402). -- Emmanuel Bouthenot Sun, 20 Sep 2009 18:41:17 +0000 ffproxy (1.6-5) unstable; urgency=low * Drop Homepage from description. * Add Vcs-Browser and Vcs-Git fields in debian/control. * Bump Standards-Version to 3.8.0. * Switch to debhelper 7, add debian/manpages and debian/install files. * Fix debian/rules to work with the new source package format "3.0 (quilt)" (Closes: #484971) * Add DM-Upload-Allowed field. -- Emmanuel Bouthenot Sun, 12 Oct 2008 11:13:03 +0000 ffproxy (1.6-4) unstable; urgency=low * Adding Homepage field in debian/control in source headers and description * Switch from dpatch to quilt for the patches * Fix lintian warning on "make clean" * Adding a patch which allows ffproxy to be bound on the same port for ipv4 and ipv6 (Closes: #453510) -- Emmanuel Bouthenot Fri, 30 Nov 2007 18:52:18 +0100 ffproxy (1.6-3) unstable; urgency=low * change the way to stop dameon to work around the bug #352554 of start-stop-daemon (Closes: #407929) -- Emmanuel Bouthenot Sat, 3 Mar 2007 11:11:23 +0100 ffproxy (1.6-2) unstable; urgency=low * fix FTBFS (Closes: #390534) -- Emmanuel Bouthenot Mon, 2 Oct 2006 18:30:46 +0200 ffproxy (1.6-1) unstable; urgency=low * adding a patch which fix bug related to pid file creation * Initial release (Closes: #388252) -- Emmanuel Bouthenot Mon, 11 Sep 2006 18:19:27 +0200 debian/copyright0000644000000000000000000000265011733330102011115 0ustar Format: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=174 Upstream-Name: ffproxy Upstream-Contact: Niklas Olmes Source: http://ffproxy.sourceforge.net/ Files: * Copyright: 2002-2005, Niklas Olmes License: GPL-2+ Files: debian/patches/07_handle-multibytes-headers Copyright: 2012, Paul Merrill License: GPL-2+ Files: debian/patches/04_ftbfs-eglibc-2-10 Copyright: 2009, Nicolas Van Wambeke License: GPL-2+ Files: debian/* Copyright: 2006-2012, Emmanuel Bouthenot License: GPL-2+ License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. debian/patches/0000755000000000000000000000000012222340051010604 5ustar debian/patches/05_spelling-errors-in-manpage0000644000000000000000000000457011657706027016226 0ustar Description: Fix spelling errors in manpages Author: Emmanuel Bouthenot Last-Update: 2011-11-12 --- a/ffproxy.conf.5.s +++ b/ffproxy.conf.5.s @@ -31,7 +31,7 @@ .Ss User Configuration File Use command line parameter \-f to load a non-default configuration file. You will notice the warning at the program's startup. This -is due to the programs implementation that allows to reload +is due to the programs implementation that allows one to reload all configuration files. To disable the warning, use \-F instead. .Ss Deactivating To use command line options only, use \-f "". @@ -40,7 +40,7 @@ the configuration file specified, the contents of db/ and html/, send the signal HUP to the program's master process. ffproxy pid can be found by default in file /var/run/ffproxy.pid, you can override /var/run directory -with command line paramter \-n or with pid_dir setting in config file. +with command line parameter \-n or with pid_dir setting in config file. .Pp Options that can be successfully altered at runtime are .Bd -literal -offset indent --- a/ffproxy.8.s +++ b/ffproxy.8.s @@ -12,7 +12,7 @@ .Op Fl p Ar port .Op Fl c Ar ip|hostname .Op Fl C Ar ip|hostname -.Op Fl l Ar childs +.Op Fl l Ar children .Op Fl u Ar uid|user Fl g Ar gid|group .Op Fl r Ar dir .Op Fl D Ar datadir @@ -45,7 +45,7 @@ .Pp The following command line options are recognized. They specify general settings like IP to bind to or place of the db/ and html/ -directories. Note that arguments to options must be seperated +directories. Note that arguments to options must be separated from the option by spaces, as are such options from each other. .Pp .Bl -tag -width "message" @@ -55,7 +55,7 @@ Bind to IPv4. Default is any IPv4. .It Fl C Ar ip|hostname Bind to IPv6. Default is any IPv6. -.It Fl l Ar childs +.It Fl l Ar children Maximum number of child processes to be forked. That is, the maximum number of concurrent requests allowed. Default is 10. .It Fl u Ar uid|user Fl g Ar gid|group @@ -309,7 +309,7 @@ .Sh LOGGING By default, the proxy logs incorrect and filtered requests. To log all requests, use the configuration file keyword -`log_all_requests yes'. Please make sure that you seperate +`log_all_requests yes'. Please make sure that you separate the programs log output from that of other programs by modifying .Xr syslog.conf 5 , since the output is very noisy. debian/patches/02_ipv4_ipv60000644000000000000000000000453011657706202012677 0ustar Description: Patch which allows ffproxy to be bound on the same port for ipv4 and ipv6 Author: Emmanuel Bouthenot Bug-Debian: http://bugs.debian.org/453510 Last-Update: 2007-11-30 --- a/socket.c +++ b/socket.c @@ -71,6 +71,13 @@ int num_fd; int isipv4; + if (config.bind_ipv4 && config.bind_ipv6) { + if (*config.ipv4 == '\0' && *config.ipv6 != '\0') + fatal("error: while binding port on ipv4 and ipv6, if option 'bind_ipv4_host' is set, bind_ipv6_host must be set too"); + if (*config.ipv4 != '\0' && *config.ipv6 == '\0') + fatal("error: while binding port on ipv4 and ipv6, if option 'bind_ipv6_host' is set, bind_ipv4_host must be set too"); + } + if (config.port == 0) config.port = DFLT_PORT; (void) snprintf(strport, sizeof(strport), "%d", config.port); @@ -80,13 +87,25 @@ num_fd++; if (config.bind_ipv6) num_fd++; - + + if (config.bind_ipv4 && config.bind_ipv6 + && *config.ipv4 == '\0' && *config.ipv6 == '\0') + num_fd--; + i = 0; (void) memset(s, 0, sizeof(s)); s[0].fd = s[1].fd = 0; while (i < num_fd) { (void) memset(&hints[i], 0, sizeof(struct addrinfo)); - hints[i].ai_family = (i == 0 && config.bind_ipv4) ? PF_INET : PF_INET6; + + if (config.bind_ipv4 && config.bind_ipv6 + && *config.ipv4 == '\0' && *config.ipv6 == '\0') + hints[i].ai_family = PF_UNSPEC; + else if (i == 0 && config.bind_ipv4) + hints[i].ai_family = PF_INET; + else + hints[i].ai_family = PF_INET6; + hints[i].ai_socktype = SOCK_STREAM; hints[i].ai_flags = AI_PASSIVE; if (i == 0 && config.bind_ipv4) { @@ -113,12 +132,8 @@ fatal("setsockopt() failed for (%s) %s", ip_add, (i == 0 && config.bind_ipv4) ? "IPv4" : "IPv6"); } if (bind(s[i].fd, (struct sockaddr *) res->ai_addr, res->ai_addrlen) < 0) { - (void) close(s[i].fd); -#if defined(__linux__) - if (i == 1) - fatal("could not bind to IPv6, possibly because of\nLinux's ``feature'' to bind to IPv4 also.\nTry -b or binding to specific IPv6 address via -C\nif you're using IPv6 with Linux 2.4\nError message"); -#endif /* __linux__ */ - fatal("bind() failed for (%s) %s", ip_add, (i == 0 && config.bind_ipv4) ? "IPv4" : "IPv6"); + (void) close(s[i].fd); + fatal("bind() failed for (%s) %s", ip_add, (i == 0 && config.bind_ipv4) ? "IPv4" : "IPv6"); } if (listen(s[i].fd, config.backlog) != 0) { (void) close(s[i].fd); debian/patches/100_fix-exit-codes0000644000000000000000000000107411657743416013770 0ustar --- a/print.c +++ b/print.c @@ -63,7 +63,11 @@ syslog(LOG_ERR, "%s, terminating\n", buf); perror(buf); - exit(1); + if (config.syslog) + syslog(LOG_ERR, "Before Exit...\n"); + exit(EXIT_FAILURE); + if (config.syslog) + syslog(LOG_ERR, "After Exit...\n"); } void @@ -80,7 +84,11 @@ syslog(LOG_NOTICE, "%s, terminating\n", buf); (void) fprintf(stderr, "%s, terminating\n", buf); - exit(1); + if (config.syslog) + syslog(LOG_ERR, "Before Exit NNNN...\n"); + exit(EXIT_FAILURE); + if (config.syslog) + syslog(LOG_ERR, "After Exit NNNN...\n"); } void debian/patches/06_handle-multibytes-headers0000644000000000000000000000057111733327044016117 0ustar Description: Patch which allows ffproxy to handle multibytes characters in headers Author: Paul Merrill Bug-Debian: http://bugs.debian.org/661425 Last-Update: 2012-03-24 --- a/request.c +++ b/request.c @@ -221,7 +221,7 @@ { char c; - if (read(s, &c, 1) != 1 || c < 1) + if (read(s, &c, 1) != 1 || c == 0) return -1; else return c; debian/patches/series0000644000000000000000000000024612222340051012023 0ustar 01_add_piddir 02_ipv4_ipv6 03_use-minus-in-manpage 04_ftbfs-eglibc-2-10 05_spelling-errors-in-manpage 06_handle-multibytes-headers 07_fix_segfault_syslog_logrequests debian/patches/07_fix_segfault_syslog_logrequests0000644000000000000000000000102012222337747017565 0ustar Description: Fix a segfault when logging requests in syslog with log_all_requests=yes and unrestricted_connect=yes. Bug-Debian: http://bugs.debian.org/702041 Author: Antoni Villalonga Last-Update: 2013-03-18 --- a/request.c +++ b/request.c @@ -91,7 +91,7 @@ r.host, clinfo->name, clinfo->ip); else info("CONNECT to host (%s:%d) from (%s) [%s]", - r.host, r.port, clinfo->ip); + r.host, r.port, clinfo->name, clinfo->ip); } i = do_request(cl, &r); switch (i) { debian/patches/01_add_piddir0000644000000000000000000001672611657705066013154 0ustar Description: Patch which fix bug related to pid file creation Author: Emmanuel Bouthenot Last-Update: 2006-09-11 --- a/cfg.h +++ b/cfg.h @@ -39,6 +39,8 @@ int nowarn; int first; + + char piddir[256]; }; #define MAX_CHILDS 1024 --- a/db.c +++ b/db.c @@ -373,7 +373,13 @@ } else if (strcmp("timeout_connect", obuf) == 0) { config.to_con = atoi(abuf); continue; - } else if (!config.first) { + } + else if (strcmp("pid_dir", obuf) == 0) { + (void) strncpy(config.piddir, abuf, sizeof(config.piddir) - 1); + config.piddir[sizeof(config.piddir) - 1] = 0; + continue; + } + else if (!config.first) { continue; } else if (*obuf != '#') { warn("unknown option in config file %s: %s", config.file, obuf); --- a/ffproxy.8.s +++ b/ffproxy.8.s @@ -19,6 +19,7 @@ .Op Fl x Ar proxyip|proxyhost Fl X Ar proxyport .Op Fl a Ar ip|hostname .Op Fl A Ar port +.Op Fl n Ar piddir .Op Fl f Ar configfile .Op Fl ds4bBhv .Sh DESCRIPTION @@ -85,6 +86,9 @@ Auxiliary forward HTTP server to use (see section HTTP ACCELERATOR). .It Fl A Ar port Port to use for above. Defaults to 80. +.It Fl n Ar piddir +directory to store file ffproxy.pid with ffproxy pid inside. Default is +.Pa /var/run .It Fl f Ar configfile User configuration file to load. Please note that command line options get overwritten by set configuration file options. @@ -296,13 +300,12 @@ .Xr ffproxy.conf 5 for details on options that may be changed at runtime. .Pp -If daemonized, the master process writes the pid file +ffproxy write its pid file .Pa ffproxy.pid -to the working directory, that is, the directory -specified by db_files_path or the command line parameter -D. -It defaults to -.Pa _BASE_ . -The program will terminate if writing fails. +in the directory specified by the command line parameter -n or the +.Pa pid_dir +setting in config file. Default is +.Pa /var/run . .Sh LOGGING By default, the proxy logs incorrect and filtered requests. To log all requests, use the configuration file keyword @@ -323,12 +326,6 @@ and who is allowed to connect and use ffproxy .El .Pp -If daemonized, ffproxy writes the pid of its master -process to the file named -.Pa ffproxy.pid -in its working directory -- -.Pa _BASE_ -by default. .Sh SEE ALSO .Pa sample.config for a sample configuration file --- a/ffproxy.conf.5.s +++ b/ffproxy.conf.5.s @@ -38,10 +38,9 @@ .Ss Reloading Configuration To let the proxy reload its configuration files, that is, besides the configuration file specified, the contents of db/ and html/, -send the signal HUP to the program's master process. If -ffproxy runs daemonized, the PID can be found in -.Pa db_files_path/ffproxy.conf . -Otherwise look into your system's syslog log files or process table. +send the signal HUP to the program's master process. ffproxy pid can be found +by default in file /var/run/ffproxy.pid, you can override /var/run directory +with command line paramter -n or with pid_dir setting in config file. .Pp Options that can be successfully altered at runtime are .Bd -literal -offset indent @@ -204,6 +203,12 @@ # (default: 4) #backlog_size 16 #backlog_size 4 + +# directory to store file ffproxy.pid (with ffproxy pid inside) +# (default: /var/run) +#pid_dir /tmp +#pid_dir /var/run + .Ed .Sh VERSION This manual documents ffproxy 1.6 (2005-01-05). --- a/main.c +++ b/main.c @@ -20,19 +20,12 @@ */ #include "configure.h" -#ifdef HAVE_SYS_TYPES_H -# include -#endif - #include - -#ifdef HAVE_STDLIB_H -# include -#endif +#include +#include +#include #include -#ifdef HAVE_UNISTD_H -# include -#endif +#include #include #include #include @@ -44,34 +37,9 @@ #include "dns.h" #include "signals.h" -#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON) || defined(__sun__) -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -# include -#endif -#ifdef HAVE_FCNTL_H -# include -#endif - -static int daemon(int, int); -int -daemon(int nochdir, int noclose) -{ - int f; - f = open("/dev/null", O_RDWR); - (void) dup2(STDIN_FILENO, f); - (void) dup2(STDERR_FILENO, f); - (void) dup2(STDOUT_FILENO, f); - if (fork()) - _exit(0); - return 0; -} -#endif - static void usage(void); static void drop_privileges(void); +static void write_pid(char*, pid_t); static const char version[] = "1.6"; static const char rcsid[] = "$Id: main.c,v 2.2 2005/01/05 15:12:49 niklas Exp niklas $"; @@ -84,6 +52,7 @@ { int c, nowarn; char *prgname; + pid_t pid; prgname = argv[0]; nowarn = 0; @@ -119,8 +88,9 @@ config.unr_con = 0; config.to_con = 5; config.first = 1; + (void) strncpy(config.piddir, "/var/run", sizeof(config.piddir) - 1); - while ((c = getopt(argc, argv, "vdbBc:C:p:x:X:l:u:g:r:D:F:f:s4a:A:h")) != -1) { + while ((c = getopt(argc, argv, "vdbBc:C:p:x:X:l:u:g:r:D:F:f:s4a:A:n:h")) != -1) { switch (c) { case 'v': (void) printf("ffproxy version %s, %s\n", @@ -240,6 +210,14 @@ usage(); /* NOTREACHED */ break; + case 'n': + if (strlen(optarg) > sizeof(config.piddir) - 1 ) { + (void) fprintf(stderr, "piddir directory too long\n"); + exit(1); + } + (void) strncpy(config.piddir, optarg, sizeof(config.piddir) - 1); + config.piddir[sizeof(config.piddir) - 1] = '\0'; + break; default: (void) fprintf(stderr, "Error, type `%s -h' for help on usage\n", prgname); exit(1); @@ -258,26 +236,30 @@ info("started, initializing"); load_databases(); (void) resolve("localhost"); - drop_privileges(); - + + pid = getpid(); if (config.daemon) { - FILE *fp; - - if (daemon(1, 0) != 0) - fatal("daemon() failed"); + pid = fork(); + if (pid == -1) + fatal("daemonize() failed"); + + if (pid > 0) { + write_pid(config.piddir, pid); + _exit (0); + } + else { (void) close(0); (void) close(1); (void) close(2); + } + } + else + write_pid(config.piddir, pid); - (void) chdir(config.dbdir); - if ((fp = fopen("ffproxy.pid", "w")) == NULL) - fatal("cannot create pid file ffproxy.pid in %s", config.dbdir); + drop_privileges(); - (void) fprintf(fp, "%ld", (long) getpid()); - (void) fclose(fp); - } (void) snprintf(loop_header, sizeof(loop_header), "X-Loop-%d-%d: true", getpid(), (int) time(NULL)); - + init_sighandlers(); open_socket(); @@ -312,8 +294,9 @@ " -D dir databases are in dir (default is %s)\n" " -f file use config file (default is %s; *overwrites*)\n" " -a host|ip auxiliary forward server to use\n" - " -A port auxiliary forward server port (default is 80)\n", - DATADIR, CFGFILE); + " -A port auxiliary forward server port (default is 80)\n" + " -n dir pid file (ffproxy.pid) will be written in dir\n", + DATADIR, CFGFILE); exit(1); } @@ -348,3 +331,23 @@ info("=> UID(%d), EUID(%d), GID(%d), EGID(%d)", getuid(), geteuid(), getgid(), getegid()); } + +static void +write_pid(char *dir, pid_t p) +{ + FILE *fp; + + if (*dir != '\0') { + if (chdir(dir) == 0) { + if ((fp = fopen("ffproxy.pid", "w")) == NULL) + fatal("cannot create pid file ffproxy.pid in %s", dir); + else { + info("writing pid in %s/ffproxy.pid", dir); + (void) fprintf(fp, "%ld", (long) p); + (void) fclose(fp); + } + } + else + fatal("cannot change directory for %s to write pid file", dir); + } +} debian/patches/04_ftbfs-eglibc-2-100000644000000000000000000000273511657705721013771 0ustar Description: Patch which fix FTBFS with eglibc 2.10 Author: Nicolas Van Wambeke Bug-Debian: http://bugs.debian.org/547402 Last-Update: 2009-09-20 --- a/request.c +++ b/request.c @@ -49,7 +49,7 @@ static int read_header(int, struct req *); static char sgetc(int); -static size_t getline(int, char[], int); +static size_t get_line(int, char[], int); static int do_request(int, struct req *); void @@ -63,7 +63,7 @@ (void) memset(&r, 0, sizeof(r)); r.cl = clinfo; - if (getline(cl, buf, sizeof(buf)) < 1) + if (get_line(cl, buf, sizeof(buf)) < 1) *buf = '\0'; if ((http_url(&r, buf)) == 0) { @@ -189,7 +189,7 @@ char *b, *p; i = 0; - while ((len = getline(cl, buf, sizeof(buf))) > 0 && i < sizeof(r->header) - 1) { + while ((len = get_line(cl, buf, sizeof(buf))) > 0 && i < sizeof(r->header) - 1) { b = buf; while (isspace((int) *b) && *(b++) != '\0'); if (*b == '\0') @@ -228,7 +228,7 @@ } static size_t -getline(int s, char buf[], int len) +get_line(int s, char buf[], int len) { int c; size_t i; @@ -493,7 +493,7 @@ } if (r->type != CONNECT) { i = 0; - while ((len = getline(s, buf, sizeof(buf))) > 0 && i < sizeof(r->header) - 1) { + while ((len = get_line(s, buf, sizeof(buf))) > 0 && i < sizeof(r->header) - 1) { DEBUG(("do_request() => got remote header line: (%s)", buf)); r->header[i] = (char *) my_alloc(len + 1); (void) strcpy(r->header[i++], buf); debian/patches/03_use-minus-in-manpage0000644000000000000000000001100211657705526015011 0ustar Description: Fix hyphen used as minus sign Author: Emmanuel Bouthenot Last-Update: 2009-09-20 --- a/ffproxy.conf.5.s +++ b/ffproxy.conf.5.s @@ -24,23 +24,23 @@ and documents the options. .Sh USING CONFIGURATION FILES .Ss Default ffproxy.conf -If the command line parameters -f or -F are not used, the proxy +If the command line parameters \-f or \-F are not used, the proxy tries to open .Pa _CFGFILE_ . If this file does not exist, the program continues execution. .Ss User Configuration File -Use command line parameter -f to load a non-default configuration +Use command line parameter \-f to load a non-default configuration file. You will notice the warning at the program's startup. This is due to the programs implementation that allows to reload -all configuration files. To disable the warning, use -F instead. +all configuration files. To disable the warning, use \-F instead. .Ss Deactivating -To use command line options only, use -f "". +To use command line options only, use \-f "". .Ss Reloading Configuration To let the proxy reload its configuration files, that is, besides the configuration file specified, the contents of db/ and html/, send the signal HUP to the program's master process. ffproxy pid can be found by default in file /var/run/ffproxy.pid, you can override /var/run directory -with command line paramter -n or with pid_dir setting in config file. +with command line paramter \-n or with pid_dir setting in config file. .Pp Options that can be successfully altered at runtime are .Bd -literal -offset indent --- a/ffproxy.quick.7.s +++ b/ffproxy.quick.7.s @@ -111,7 +111,7 @@ we run the program change-rooted to /var/ffproxy, so files are relative to new root. .Bd -literal -offset indent -cd /var/ffproxy ; /usr/local/bin/ffproxy -f ffproxy.conf +cd /var/ffproxy ; /usr/local/bin/ffproxy \-f ffproxy.conf .Ed .Pp starts ffproxy. Now test if it works correctly. --- a/ffproxy.8.s +++ b/ffproxy.8.s @@ -64,20 +64,20 @@ .It Fl r Ar dir Change root .Xr chroot 7 -to dir. Used in conjunction with -u and -g. Because ffproxy +to dir. Used in conjunction with \-u and \-g. Because ffproxy drops its privileges and chroots after reading the configuration files, --D should be set to . (the current dir). It might need +\-D should be set to . (the current dir). It might need .Pa /etc/resolv.conf copied as etc/resolv.conf in its working directory. Example: -``# cd /var/ffproxy ; /usr/local/bin/ffproxy -r /var/ffproxy -D . -d -u proxy -g proxy -f ""'' +``# cd /var/ffproxy ; /usr/local/bin/ffproxy \-r /var/ffproxy \-D . \-d \-u proxy \-g proxy \-f ""'' .It Fl x Ar ip|hostname Specify IP (or hostname) of an auxiliary proxy server that -the program will forward requests to. Used together with -X. +the program will forward requests to. Used together with \-X. .It Fl X Ar port Port number of auxiliary proxy. .It Fl D Ar dir Location of the db/ and html/ directories. For example, -specifying -D /var/ffproxy tells the proxy to search +specifying \-D /var/ffproxy tells the proxy to search for db/ files in .Pa /var/ffproxy/db/ and html/ files in @@ -96,7 +96,7 @@ .Pa _CFGFILE_ . Read .Xr ffproxy.conf 5 -for details. Use -f "" to disable configuration files. +for details. Use \-f "" to disable configuration files. .It Fl d Run as daemon. .It Fl s @@ -106,7 +106,7 @@ .It Fl b Don't bind to IPv4. Might be needed under Linux 2.4, due to a ``Feature'' IPv6 binds to IPv4, too. Try using this option or bind to specific -IPv6 address via -C. +IPv6 address via \-C. .It Fl B Don't bind to IPv6. .It Fl h @@ -170,7 +170,7 @@ are lines beginning with a # (comments). .Pp The location of the db/ directory may be specified by an -argument to the command line option -D. +argument to the command line option \-D. If this option and configuration file option db_files_path are not used, ffproxy will search for db/ and html/ in .Pa _BASE_ . @@ -249,7 +249,7 @@ ffproxy may also be used as a HTTP accelerator, that is, connecting to just one HTTP server and beeing a front-end to that. Use accel_host and accel_port -in configuration file or command line options -a and -A +in configuration file or command line options \-a and \-A to use this feature. .Pp Default behaviour is *not* sending Host: header to @@ -302,7 +302,7 @@ .Pp ffproxy write its pid file .Pa ffproxy.pid -in the directory specified by the command line parameter -n or the +in the directory specified by the command line parameter \-n or the .Pa pid_dir setting in config file. Default is .Pa /var/run . debian/dirs0000644000000000000000000000007212222311527010046 0ustar usr/bin etc/ffproxy/db etc/ffproxy/html usr/share/ffproxy debian/manpages0000644000000000000000000000005111074360541010701 0ustar ffproxy.8 ffproxy.conf.5 ffproxy.quick.7 debian/docs0000644000000000000000000000002111074351331010030 0ustar BUGS README TODO debian/compat0000644000000000000000000000000211653306460010370 0ustar 9 debian/rules0000755000000000000000000000031311653307465010255 0ustar #!/usr/bin/make -f override_dh_auto_configure: dh_auto_configure -- --sysconfdir=/etc/ffproxy override_dh_auto_install: dh_auto_install --destdir=$(CURDIR)/debian/tmp %: dh $@ --with autotools_dev