[stunnel-users] xforwardfor-patch
Alexander Lazic
al-stunnel at none.at
Wed Dec 29 16:33:06 CET 2004
Hi,
i have attached my xforwardfor-patch for stunnel-4.06 ;-)
al ;-)
-------------- next part --------------
diff -ruNH stunnel-4.06_orig/src/client.c stunnel-4.06/src/client.c
--- stunnel-4.06_orig/src/client.c 2004-12-26 00:42:08.000000000 +0100
+++ stunnel-4.06/src/client.c 2004-12-29 16:25:48.125017255 +0100
@@ -111,6 +111,7 @@
#endif
c->remote_fd.fd=-1;
c->ssl=NULL;
+ c->header_length = 0;
cleanup(c, do_client(c));
#ifdef USE_FORK
if(!c->opt->option.remote) /* 'exec' specified */
@@ -194,6 +195,13 @@
c->accepting_address);
return -1;
}
+
+ /* create X-Forwarded-For header if necessary */
+ if (c->opt->option.xforwardedfor) {
+ sprintf(c->header_buff, "X-Forwarded-For: %s\r\n", c->accepting_address);
+ c->header_length = strlen(c->header_buff);
+ s_log(LOG_DEBUG, "X-Forwarded-For header is '%s' [%d]", c->header_buff, c->header_length);
+ }
s_log(LOG_NOTICE, "%s connected from %s",
c->opt->servname, c->accepting_address);
}
@@ -361,6 +369,7 @@
/* 0=not closing SSL, 1=initiate SSL_shutdown,
* 2=retry SSL_shutdown, 3=SSL_shutdown done */
int watchdog=0; /* a counter to detect an infinite loop */
+ int header_sent = 0;
c->sock_ptr=c->ssl_ptr=0;
sock_rd=sock_wr=ssl_rd=ssl_wr=1;
@@ -456,6 +465,26 @@
s_log(LOG_DEBUG, "No data written to the socket: retrying");
break;
default:
+
+ /* insert X-Forwarded-For header if desired and not yet included */
+ if (c->opt->option.xforwardedfor && ! header_sent) {
+ char *eol = memchr(c->ssl_buff, '\n', num);
+
+ if (eol) {
+
+ /* make room for X-Forwarded-For header */
+ memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff) + 1);
+
+ /* insert X-Forwarded-For header */
+ memcpy(eol + 1, c->header_buff, c->header_length);
+ c->ssl_ptr = num += c->header_length+1;
+ s_log(LOG_DEBUG, "re-written buffer is '%.*s' [%d]\n\n", num, c->ssl_buff, num);
+ }else{
+ s_log(LOG_DEBUG, "can't add X-Forwarded-For header\n");
+ }
+ header_sent = 1;
+ }
+
memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num);
if(c->ssl_ptr==BUFFSIZE)
check_SSL_pending=1;
diff -ruNH stunnel-4.06_orig/src/options.c stunnel-4.06/src/options.c
--- stunnel-4.06_orig/src/options.c 2004-12-25 23:46:32.000000000 +0100
+++ stunnel-4.06/src/options.c 2004-12-29 13:20:23.000000000 +0100
@@ -978,6 +978,29 @@
}
#endif
+ /* xforwardedfor */
+ switch(cmd) {
+ case CMD_INIT:
+ section->option.xforwardedfor=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "xforwardedfor"))
+ break;
+ if(!strcasecmp(arg, "yes"))
+ section->option.xforwardedfor=1;
+ else if(!strcasecmp(arg, "no"))
+ section->option.xforwardedfor=0;
+ else
+ return "argument should be either 'yes' or 'no'";
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ break;
+ case CMD_HELP:
+ log_raw("%-15s = yes|no send X-Forwarded-For HTTP headers",
+ "xforwardedfor");
+ break;
+ }
+
if(cmd==CMD_EXEC)
return option_not_found;
return NULL; /* OK */
diff -ruNH stunnel-4.06_orig/src/prototypes.h stunnel-4.06/src/prototypes.h
--- stunnel-4.06_orig/src/prototypes.h 2004-12-25 22:24:09.000000000 +0100
+++ stunnel-4.06/src/prototypes.h 2004-12-29 11:12:36.000000000 +0100
@@ -195,6 +195,7 @@
unsigned int delayed_lookup:1;
unsigned int accept:1;
unsigned int remote:1;
+ unsigned int xforwardedfor:1;
#ifndef USE_WIN32
unsigned int program:1;
unsigned int pty:1;
@@ -252,6 +253,8 @@
FD *sock_rfd, *sock_wfd; /* Read and write socket descriptors */
FD *ssl_rfd, *ssl_wfd; /* Read and write SSL descriptors */
int sock_bytes, ssl_bytes; /* Bytes written to socket and ssl */
+ char header_buff[48]; /* Text of X-Forwarded-For header */
+ int header_length; /* Length of X-Forwarded-For header */
} CLI;
extern int max_clients;
More information about the stunnel-users
mailing list