/* * Simple forking HTTP proxy. It is an HTTP/1.0 proxy with knowledge of * HTTP/1.1. (The things lacking for HTTP/1.1 are the chunked transfer encoding * and the expect mechanism.) The proxy supports the CONNECT, GET, HEAD, and * POST methods. It supports Basic and Digest authentication of clients (use the * --proxy-auth option). * * HTTP/1.1 is defined in RFC 2616. Many comments refer to that document. * http://tools.ietf.org/html/rfc2616 * * HTTP authentication is discussed in RFC 2617. * http://tools.ietf.org/html/rfc2617 * * The CONNECT method is documented in an Internet draft and is specified as the * way to proxy HTTPS in RFC 2817, section 5. * http://tools.ietf.org/html/draft-luotonen-web-proxy-tunneling-01 * http://tools.ietf.org/html/rfc2817#section-5 * * The CONNECT method is not limited to HTTP, but is potentially capable of * connecting to any TCP port on any host. The proxy connection is requested * with an HTTP request, but after that, the proxy does no interpretation of the * data passing through it. See section 6 of the above mentioned draft for the * security implications. */ int ncat_http_server(void) { int c, s; socklen_t sslen; union sockaddr_u conn; #ifndef WIN32 Signal(SIGCHLD, proxyreaper); #endif #if HAVE_HTTP_DIGEST http_digest_init_secret(); #endif #ifdef HAVE_OPENSSL if (o.ssl) setup_ssl_listen(); #endif s = do_listen(SOCK_STREAM, IPPROTO_TCP); for (;;) { sslen = sizeof(conn.storage); c = accept(s, &conn.sockaddr, &sslen); if (c == -1) { if (errno == EINTR) continue; die("accept"); } if (!allow_access(&conn)) { Close(c); continue; } fork_handler(s, c); } return 0; }
/* * Simple forking HTTP proxy. It is an HTTP/1.0 proxy with knowledge of * HTTP/1.1. (The things lacking for HTTP/1.1 are the chunked transfer encoding * and the expect mechanism.) The proxy supports the CONNECT, GET, HEAD, and * POST methods. It supports Basic and Digest authentication of clients (use the * --proxy-auth option). * * HTTP/1.1 is defined in RFC 2616. Many comments refer to that document. * http://tools.ietf.org/html/rfc2616 * * HTTP authentication is discussed in RFC 2617. * http://tools.ietf.org/html/rfc2617 * * The CONNECT method is documented in an Internet draft and is specified as the * way to proxy HTTPS in RFC 2817, section 5. * http://tools.ietf.org/html/draft-luotonen-web-proxy-tunneling-01 * http://tools.ietf.org/html/rfc2817#section-5 * * The CONNECT method is not limited to HTTP, but is potentially capable of * connecting to any TCP port on any host. The proxy connection is requested * with an HTTP request, but after that, the proxy does no interpretation of the * data passing through it. See section 6 of the above mentioned draft for the * security implications. */ int ncat_http_server(void) { int c, i, j; int listen_socket[NUM_LISTEN_ADDRS]; socklen_t sslen; union sockaddr_u conn; struct timeval tv; struct timeval *tvp = NULL; #ifndef WIN32 Signal(SIGCHLD, proxyreaper); #endif #if HAVE_HTTP_DIGEST http_digest_init_secret(); #endif #ifdef HAVE_OPENSSL if (o.ssl) setup_ssl_listen(); #endif /* Clear the socket list */ for (i = 0; i < NUM_LISTEN_ADDRS; i++) listen_socket[i] = -1; /* set for selecting listening sockets */ fd_set listen_fds; fd_list_t listen_fdlist; FD_ZERO(&listen_fds); init_fdlist(&listen_fdlist, num_listenaddrs); /* Listen on each address, set up lists for select */ for (i = 0; i < num_listenaddrs; i++) { listen_socket[i] = do_listen(SOCK_STREAM, IPPROTO_TCP, &listenaddrs[i]); /* make us not block on accepts in wierd cases. See ncat_listen.c:209 */ unblock_socket(listen_socket[i]); /* setup select sets and max fd */ FD_SET(listen_socket[i], &listen_fds); add_fd(&listen_fdlist, listen_socket[i]); } if (o.idletimeout > 0) tvp = &tv; for (;;) { fd_set read_fds; sslen = sizeof(conn.storage); /* * We just select to get a list of sockets which we can talk to */ if (o.debug > 1) logdebug("selecting, fdmax %d\n", listen_fdlist.fdmax); read_fds = listen_fds; if (o.idletimeout > 0) ms_to_timeval(tvp, o.idletimeout); int fds_ready = fselect(listen_fdlist.fdmax + 1, &read_fds, NULL, NULL, tvp); if (o.debug > 1) logdebug("select returned %d fds ready\n", fds_ready); if (fds_ready == 0) bye("Idle timeout expired (%d ms).", o.idletimeout); for (i = 0; i <= listen_fdlist.fdmax && fds_ready > 0; i++) { /* Loop through descriptors until there is something ready */ if (!FD_ISSET(i, &read_fds)) continue; /* Check each listening socket */ for (j = 0; j < num_listenaddrs; j++) { if (i == listen_socket[j]) { fds_ready--; c = accept(i, &conn.sockaddr, &sslen); if (c == -1) { if (errno == EINTR) continue; die("accept"); } if (!allow_access(&conn)) { Close(c); continue; } if (o.debug > 1) logdebug("forking handler for %d\n", i); fork_handler(i, c); } } } } return 0; }