added an option to handle intercepted sessions locally

hyung-hwan 2014-10-09 13:09:23 +00:00
parent bd40641e08
commit 870f307d96
2 changed files with 23 additions and 14 deletions


@ -188,7 +188,7 @@ struct loccfg_t
{ {
unsigned int allow_http: 1; unsigned int allow_http: 1;
unsigned int allow_connect: 1; unsigned int allow_connect: 1;
unsigned int allow_intercept: 1; unsigned int allow_intercept: 2; /* 0: no, 1: proxy, 2: local */
unsigned int allow_upgrade: 1; unsigned int allow_upgrade: 1;
unsigned int dns_enabled: 1; unsigned int dns_enabled: 1;
unsigned int urs_enabled: 1; unsigned int urs_enabled: 1;
@ -465,7 +465,13 @@ static int get_server_root (
if (qinfo->client->status & QSE_HTTPD_CLIENT_INTERCEPTED) if (qinfo->client->status & QSE_HTTPD_CLIENT_INTERCEPTED)
{ {
/* transparent proxying */ /* transparent proxying */
if (loccfg->proxy.allow_intercept) if (loccfg->proxy.allow_intercept <= 0)
{
root->type = QSE_HTTPD_SERVERSTD_ROOT_ERROR;
root->u.error.code = 403; /* forbidden */
return 0;
}
else if (loccfg->proxy.allow_intercept <= 1)
{ {
root->type = QSE_HTTPD_SERVERSTD_ROOT_PROXY; root->type = QSE_HTTPD_SERVERSTD_ROOT_PROXY;
root->u.proxy.dst.nwad = qinfo->client->orgdst_addr; root->u.proxy.dst.nwad = qinfo->client->orgdst_addr;
@ -480,12 +486,6 @@ static int get_server_root (
goto proxy_ok; goto proxy_ok;
} }
else
{
root->type = QSE_HTTPD_SERVERSTD_ROOT_ERROR;
root->u.error.code = 403; /* forbidden */
return 0;
}
} }
if (mth == QSE_HTTP_CONNECT) if (mth == QSE_HTTP_CONNECT)
@ -1059,6 +1059,15 @@ static int get_boolean (const qse_xli_str_t* v)
qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0); qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0);
} }
static int get_intercept (const qse_xli_str_t* v)
{
if (qse_strxcasecmp (v->ptr, v->len, QSE_T("local")) == 0) return 2;
if (qse_strxcasecmp (v->ptr, v->len, QSE_T("proxy")) == 0 ||
qse_strxcasecmp (v->ptr, v->len, QSE_T("yes")) == 0 ||
qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0) return 1;
return 0;
}
static int get_integer (const qse_xli_str_t* v) static int get_integer (const qse_xli_str_t* v)
{ {
/* TODO: be more strict */ /* TODO: be more strict */
@ -1474,7 +1483,7 @@ static int load_loccfg_proxy (qse_httpd_t* httpd, qse_xli_t* xli, qse_xli_list_t
pair = QSE_NULL; pair = QSE_NULL;
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("intercept")); if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("intercept"));
if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("intercept")); if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("intercept"));
if (pair) cfg->proxy.allow_intercept = get_boolean ((qse_xli_str_t*)pair->val); if (pair) cfg->proxy.allow_intercept = get_intercept ((qse_xli_str_t*)pair->val);
pair = QSE_NULL; pair = QSE_NULL;
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("upgrade")); if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("upgrade"));
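Review bot: In get_server_root the new `local` mode has no branch of its own: when `allow_intercept` is neither 0 nor 1, the intercepted request silently leaves the block and continues into the `if (mth == QSE_HTTP_CONNECT)` check and the code after it, which lies outside the visible hunk. That request was addressed to another origin, so confirm that the later CONNECT and forward-proxy paths cannot turn a locally handled intercepted session back into a proxied one, and make the intent explicit with `else { /* local: fall through to the normal lookup below */ }`. The field is now `unsigned int allow_intercept: 2`, so it can also hold 3, which the `<= 0` / `<= 1` comparisons treat as local; comparing with `==` against named constants and answering 403 for any other value would keep the check fail-closed. `get_intercept` returns 0 for every unrecognised string, which fails closed but hides a misspelt `local` in the configuration, so a log message on that path would help operators.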


@ -134,14 +134,14 @@ server-default {
# Default proxy configuration # Default proxy configuration
#################################################################### ####################################################################
proxy { proxy {
http = yes; http = yes; # yes/on, no/off
connect = yes; connect = yes; # yes/on, no/off
intercept = yes; intercept = yes; # yes/proxy/on, local, no/off,
upgrade = yes; upgrade = yes; # yes/on, no/off
#pseudonym = "nice-host"; #pseudonym = "nice-host";
dns-enabled = yes; # yes, no dns-enabled = yes; # yes/on, no/off
dns-server = "192.168.1.1:53"; dns-server = "192.168.1.1:53";
#dns-server = "[::1]:53"; #dns-server = "[::1]:53";
#dns-server = "@/tmp/dns.sock"; # unix socket prefixed with @ #dns-server = "@/tmp/dns.sock"; # unix socket prefixed with @