Exemple #1
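/*
 * Preview callback of the url_check REQMOD service.
 *
 * Extracts host/page information from the HTTP request headers and asks
 * check_destination() whether the destination is permitted.
 *
 *  - Denied: a "403 Forbidden" response carrying error_message is built
 *    in uc->body and CI_MOD_CONTINUE is returned so it can be sent.
 *  - Allowed, and preview data is present or the client accepts 204:
 *    returns CI_MOD_ALLOW204 (request passes unmodified).
 *  - Allowed otherwise: a body buffer is allocated if the request has a
 *    body, and CI_MOD_CONTINUE is returned so the body can be echoed back.
 *
 * Returns CI_ERROR when the request headers are missing or when the body
 * for the error page cannot be allocated.
 *
 * preview_data_len is not used by this function.
 */
int url_check_check_preview(char *preview_data,int preview_data_len, request_t *req){
    ci_headers_list_t *req_header;
    struct url_check_data *uc = ci_service_data(req);
    struct http_info httpinf;
    size_t msg_len;

    req_header = ci_reqmod_headers(req);
    if (req_header == NULL)   /* should not happen for a REQMOD request */
        return CI_ERROR;

    /* NOTE(review): the result of get_http_info() is not checked here, so
     * httpinf.site / httpinf.page are used below even if parsing failed.
     * Confirm the helper always initialises httpinf, otherwise the filter
     * decision is made on indeterminate data. */
    get_http_info(req, req_header, &httpinf);

    ci_debug_printf(9,"URL  to host %s\n",httpinf.site);
    ci_debug_printf(9,"URL  page %s\n",httpinf.page);

    if (!check_destination(&httpinf)) {
        /* Destination is blocked: answer the web client ourselves. */
        ci_debug_printf(9,"Oh!!! we are going to deny this site.....\n");

        msg_len = strlen(error_message);
        uc->body = ci_cached_file_new(msg_len + 10);
        if (uc->body == NULL) {
            /* Without this check an allocation failure would hand a NULL
             * body to ci_cached_file_write() below. Failing the request
             * keeps the blocked URL from being served. */
            ci_debug_printf(1,"url_check: cannot allocate body for the error page\n");
            return CI_ERROR;
        }

        ci_request_create_respmod(req,1,1);   /* build the response headers */

        ci_respmod_add_header(req,"HTTP/1.1 403 Forbidden");
        ci_respmod_add_header(req,"Server: C-ICAP");
        ci_respmod_add_header(req,"Content-Type: text/html");
        ci_respmod_add_header(req,"Content-Language: en");

        ci_cached_file_write(uc->body,error_message,msg_len,1);
    }
    else {
        /* Inside preview negotiation, or the client accepts 204 responses
         * outside of preview: nothing to modify. */
        if (preview_data || ci_req_allow204(req))
            return CI_MOD_ALLOW204;

        /* Squid supports neither preview in REQMOD requests nor 204
         * responses outside preview, so the whole body (if any) has to be
         * read and sent back. Allocate a buffer for it. */
        if (ci_req_hasbody(req)) {
            /* NOTE(review): the length is derived from the client-supplied
             * request; confirm ci_content_lenght() cannot return a negative
             * value or one that overflows int once 100 is added.
             * A NULL uc->body is left for the later body handlers --
             * confirm they check for it. */
            int clen = ci_content_lenght(req) + 100;
            uc->body = ci_cached_file_new(clen);
        }
    }

    unlock_data(req);
    return CI_MOD_CONTINUE;
}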
Exemple #2
//static int match(const struct sk_buff *skb,
//		 const struct net_device *in, const struct net_device *out,
//		 const struct xt_match *match, const void *matchinfo,
//		 int offset, unsigned int protoff, int *hotdrop)
/*
 * Match callback for the "webstr" rule: decides whether the HTTP data in
 * skb matches the rule stored in matchinfo (struct ipt_webstr_info).
 *
 * info->type selects what is inspected:
 *   IPT_WEBSTR_URL     - keywords are searched in the request URL
 *   IPT_WEBSTR_HOST    - keywords are searched in the Host value
 *   IPT_WEBSTR_CONTENT - info->string is parsed as a numeric bitmask of
 *                        BLK_* options
 *
 * Every early exit below returns 0, i.e. "no match".
 *
 * NOTE(review): this listing is truncated; the remainder of the function
 * (CONTENT handling after get_http_info() and the final return) is not
 * visible here.
 */
static bool
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const struct xt_match *match,
      const void *matchinfo,
      int offset,
      unsigned int protoff,
//      const void *hdr,
//      u_int16_t datalen,
      bool *hotdrop)
{
	const struct ipt_webstr_info *info = matchinfo;
	struct iphdr *ip = ip_hdr(skb);
	proc_ipt_search search=search_linear;

	/* Separator handed to split() when walking the keyword list. */
	char token[] = "<&nbsp;>";
	/* The cast drops the const qualifier of matchinfo. wordlist is used
	 * as a C string below (simple_strtol, "%s" logging, split, strlen).
	 * NOTE(review): only info->len >= 1 is checked in this function;
	 * confirm the rule-validation path guarantees info->string is
	 * NUL-terminated inside its buffer. */
	char *wordlist = (char *)&info->string;
	httpinfo_t htinfo;
	int flags = 0;
	int found = 0;
	long int opt = 0;


	/* No IP header or an empty rule string: nothing to match. */
	if (!ip || info->len < 1)
	    return 0;

	SPARQ_LOG("\n************************************************\n"
		"%s: type=%s\n", __FUNCTION__, (info->type == IPT_WEBSTR_URL) 
		? "IPT_WEBSTR_URL"  : (info->type == IPT_WEBSTR_HOST) 
		? "IPT_WEBSTR_HOST" : "IPT_WEBSTR_CONTENT" );
	
	/* Determine the flags value for get_http_info(), and mangle packet 
	 * if needed. */
	switch(info->type)
	{
	    /* No break here: a URL rule requests both HTTP_URL and HTTP_HOST. */
	    case IPT_WEBSTR_URL:	/* fall through */
		flags |= HTTP_URL;

	    case IPT_WEBSTR_HOST:
		flags |= HTTP_HOST;
		break;

	    case IPT_WEBSTR_CONTENT:
		/* The rule string is read as a decimal bitmask. The end
		 * pointer is NULL, so a non-numeric or partially numeric
		 * string is not detected as an error here. */
		opt = simple_strtol(wordlist, (char **)NULL, 10);
		SPARQ_LOG("%s: string=%s, opt=%#lx\n", __FUNCTION__, wordlist, opt);

		if (opt & (BLK_JAVA | BLK_ACTIVE | BLK_PROXY))
		    flags |= HTTP_URL;
		if (opt & BLK_PROXY)
		    flags |= HTTP_HOST;
		/* NOTE(review): skb is const-qualified in this signature, yet
		 * it is passed to a helper whose name says it rewrites the
		 * header. mangle_http_header() is not shown; confirm how it
		 * obtains write access to the packet data. */
		if (opt & BLK_COOKIE)
		    mangle_http_header(skb, HTTP_COOKIE);
		break;

	    default:
		/* Unknown rule type: log (no explicit printk level) and
		 * report no match. */
		printk("%s: Sorry! Cannot find this match option.\n", __FILE__);
		return 0;
	}

	/* Get the http header info */
	/* A result below 1 is treated as "no usable HTTP data": no match. */
	if (get_http_info(skb, flags, &htinfo) < 1)
	    return 0;

	/* Check if the http header content contains the forbidden keyword */
	if (info->type == IPT_WEBSTR_HOST || info->type == IPT_WEBSTR_URL) {
	    int nlen = 0, hlen = 0;
	    /* NOTE(review): needle is a fixed BUFSIZE stack buffer filled by
	     * split(), which is not shown here. Confirm split() bounds each
	     * copied keyword to BUFSIZE, and that BUFSIZE is acceptable for
	     * the stack this function runs on. */
	    char needle[BUFSIZE], *haystack = NULL;
	    char *next;

	    /* Pick the field to search and its length as reported in htinfo. */
	    if (info->type == IPT_WEBSTR_HOST) {
		haystack = htinfo.host;
		hlen = htinfo.hostlen;
	    }
	    else {
		haystack = htinfo.url;
		hlen = htinfo.urllen;
	    }
	    /* split() is used as a loop header here: the body runs once per
	     * keyword extracted from wordlist, with the keyword in needle. */
	    split(needle, wordlist, next, token) {
		nlen = strlen(needle);
		SPARQ_LOG("keyword=%s, nlen=%d, hlen=%d\n", needle, nlen, hlen);
		/* Skip empty keywords, empty haystacks, and keywords longer
		 * than the haystack. */
		if (!nlen || !hlen || nlen > hlen) continue;
		/* search is search_linear (set above); non-NULL means the
		 * keyword was found, so stop at the first hit. */
		if (search(needle, haystack, nlen, hlen) != NULL) {
		    found = 1;
		    break;
		}
	    }
Exemple #3
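/*
 * Preview callback of the url_check REQMOD service.
 *
 * Parses the HTTP request headers, selects the profile that applies to
 * the request and asks profile_access() for a verdict.
 *
 *  - DB_BLOCK: marks the request as denied, builds a "403 Forbidden"
 *    response carrying error_message in uc->body and returns
 *    CI_MOD_CONTINUE so it can be sent.
 *  - Otherwise, when preview data is present or the client accepts 204:
 *    returns CI_MOD_ALLOW204 (request passes unmodified).
 *  - Otherwise: allocates a body buffer if the request has a body and
 *    returns CI_MOD_CONTINUE so the body can be echoed back.
 *
 * Returns CI_ERROR when the request headers are missing or when the body
 * for the error page cannot be allocated.
 *
 * Three paths fail open and return CI_MOD_ALLOW204: get_http_info()
 * reporting failure, no profile being selected, and profile_access()
 * returning DB_ERROR. That is the original behaviour and is kept here;
 * deployments that need fail-closed filtering should review these paths.
 *
 * preview_data_len is not used by this function.
 */
int url_check_check_preview(char *preview_data, int preview_data_len,
                            ci_request_t * req)
{
     ci_headers_list_t *req_header;
     struct url_check_data *uc = ci_service_data(req);
     struct http_info httpinf;
     struct profile *profile;
     int pass = DB_PASS;
     size_t msg_len;

     req_header = ci_http_request_headers(req);
     if (req_header == NULL)    /* should not happen for a REQMOD request */
          return CI_ERROR;

     /* Unknown method or unparsable request: let it through (fail open). */
     if (!get_http_info(req, req_header, &httpinf))
          return CI_MOD_ALLOW204;

     ci_debug_printf(9, "URL  to host %s\n", httpinf.site);
     ci_debug_printf(9, "URL  page %s\n", httpinf.url);

     profile = profile_select(req);
     if (!profile) {
          /* Fail open: without a profile nothing is filtered. */
          ci_debug_printf(1, "No Profile configured! Allowing the request...\n");
          return CI_MOD_ALLOW204;
     }

     pass = profile_access(profile, &httpinf);
     if (pass == DB_ERROR) {
          /* Fail open: a lookup error is treated as "allow". */
          ci_debug_printf(1,"Error searching in profile! Allow the request\n");
          return CI_MOD_ALLOW204;
     }

     if (pass == DB_BLOCK) {
          /* Destination is blocked: answer the web client ourselves. */
          ci_debug_printf(9, "Oh!!! we are going to deny this site.....\n");

          uc->denied = 1;
          msg_len = strlen(error_message);
          uc->body = ci_cached_file_new(msg_len + 10);
          if (uc->body == NULL) {
               /* Without this check an allocation failure would hand a
                * NULL body to ci_cached_file_write() below. Failing the
                * request keeps the blocked URL from being served. */
               ci_debug_printf(1, "url_check: cannot allocate body for the error page\n");
               return CI_ERROR;
          }

          ci_http_response_create(req, 1, 1);   /* build the response headers */

          ci_http_response_add_header(req, "HTTP/1.0 403 Forbidden");
          ci_http_response_add_header(req, "Server: C-ICAP");
          ci_http_response_add_header(req, "Content-Type: text/html");
          ci_http_response_add_header(req, "Content-Language: en");
          ci_http_response_add_header(req, "Connection: close");

          ci_cached_file_write(uc->body, error_message, msg_len, 1);
     }
     else {
          /* Inside preview negotiation, or the client accepts 204
           * responses outside of preview: nothing to modify. */
          if (preview_data || ci_req_allow204(req))
               return CI_MOD_ALLOW204;

          /* The ICAP client supports neither preview in REQMOD requests
           * nor 204 responses outside preview, so the whole body (if any)
           * has to be read and sent back. Allocate a buffer for it. */
          if (ci_req_hasbody(req)) {
               /* NOTE(review): the length is derived from the
                * client-supplied request; confirm ci_http_content_length()
                * cannot return a negative value or one that overflows int
                * once 100 is added. A NULL uc->body is left for the later
                * body handlers -- confirm they check for it. */
               int clen = ci_http_content_length(req) + 100;
               uc->body = ci_cached_file_new(clen);
          }
     }

     unlock_data(req);
     return CI_MOD_CONTINUE;
}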