-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Jeroen
committed
Jun 29, 2011
0 parents
commit 2ce9664
Showing
12 changed files
with
1,330 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| * 2011/06/28 v1.04 Jeroen Nijhof <[email protected]> | ||
| Project renamed to openufp (Open URL Filtering Proxy) | ||
| Moved frontend and backend support code in own files | ||
| Added websense frontend support | ||
| Added blacklist backend option but not yet complete | ||
|
|
||
| * 2011/06/19 v1.03 Jeroen Nijhof <[email protected]> | ||
| Added redirect url option when client url has been denied. | ||
| Fixed n2h2 header sizes for sending, the big size were causing | ||
| problems for some old Cisco PIX hardware | ||
| Cleaned up code and made it more readable | ||
| Created struct n2h2_req to store all request info | ||
|
|
||
| Special thanks to Martijn Langendoen for testing and | ||
| Merijntje Tak who has provided me with a 1337 test environment | ||
|
|
||
| * 2011/06/17 v1.02 Jeroen Nijhof <[email protected]> | ||
| Version major changed. | ||
| Using getopt for commandline option handling. | ||
| Better error handling and logging by syslog. | ||
| Added local port option. | ||
| Added debug level option. | ||
| Daemonized. | ||
|
|
||
| * 0.02 - Jeroen Nijhof <[email protected]> | ||
| Changed default CFLAGS in Makefile | ||
| Using fflush for using output redirection. | ||
| Added SIGCHLD handling for dead child's. | ||
|
|
||
| * 0.01 - Jeroen Nijhof <[email protected]> | ||
| Original code init. |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # make the openufp server | ||
| # | ||
| OWNER=root | ||
| GROUP=root | ||
| CC=gcc | ||
| CFLAGS=-O2 -Wall | ||
| SBINDIR=/usr/sbin | ||
|
|
||
| all: openufp | ||
|
|
||
| openufp: | ||
| $(CC) $(CFLAGS) openufp.c n2h2.c websense.c proxy.c -o $@ | ||
|
|
||
| install: openufp | ||
| install -c -o $(OWNER) -g $(GROUP) -m 755 openufp $(SBINDIR) | ||
|
|
||
| clean: | ||
| rm -f openufp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| TODO | ||
|
|
||
| HIGH | ||
| - Do far more websense testing and add redirect support | ||
|
|
||
| LOW | ||
| - Add a redirect url file where you can define differend redirect urls per source ip | ||
| - Add tcp spoof option so you can use the client ip to connect to the proxy server, | ||
| this requires the use of raw socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,127 @@ | ||
| /* openufp server | ||
| * | ||
| * author: Jeroen Nijhof | ||
| * version: 1.04 | ||
| * license: GPL v3.0 | ||
| * | ||
| * n2h2.c: n2h2 frontend | ||
| */ | ||
|
|
||
| #include "openufp.h" | ||
|
|
||
| void n2h2_alive(int fd, struct sockaddr_in cli_addr, char req_id[REQID]) { | ||
| char mesg_alive[N2H2RES]; | ||
| int i; | ||
|
|
||
| mesg_alive[0] = 3; | ||
| mesg_alive[1] = 2; | ||
| for(i = 0; i < 4; i++) | ||
| mesg_alive[2+i] = req_id[i]; | ||
| for(i = 0; i < 4; i++) | ||
| mesg_alive[6+i] = 0; | ||
|
|
||
| // send alive response | ||
| sendto(fd, mesg_alive, N2H2RES, 0, (struct sockaddr *)&cli_addr, sizeof(cli_addr)); | ||
| } | ||
|
|
||
| void n2h2_accept(int fd, struct sockaddr_in cli_addr, char req_id[REQID]) { | ||
| char mesg_accept[N2H2RES]; | ||
| int i; | ||
|
|
||
| mesg_accept[0] = 0; | ||
| mesg_accept[1] = 2; | ||
| for(i = 0; i < 4; i++) | ||
| mesg_accept[2+i] = req_id[i]; | ||
| for(i = 0; i < 4; i++) | ||
| mesg_accept[6+i] = 0; | ||
|
|
||
| // send accept response | ||
| sendto(fd, mesg_accept, N2H2RES, 0, (struct sockaddr *)&cli_addr, sizeof(cli_addr)); | ||
| } | ||
|
|
||
| void n2h2_deny(int fd, struct sockaddr_in cli_addr, char req_id[REQID], char *redirect_url) { | ||
| char mesg_denied[N2H2RES+URL]; | ||
| int redirect_url_len = 0; | ||
| int i; | ||
|
|
||
| mesg_denied[0] = 1; | ||
| mesg_denied[1] = 2; | ||
| for(i = 0; i < 4; i++) | ||
| mesg_denied[2+i] = req_id[i]; | ||
| if (redirect_url != NULL) { | ||
| redirect_url_len = strlen(redirect_url) + 1; | ||
| if (redirect_url_len > URL) { | ||
| redirect_url_len = 0; | ||
| for(i = 0; i < 4; i++) | ||
| mesg_denied[6+i] = 0; | ||
| } else { | ||
| mesg_denied[6] = redirect_url_len / 768; | ||
| mesg_denied[7] = (redirect_url_len % 768) / 512; | ||
| mesg_denied[8] = ((redirect_url_len % 768) % 512) / 256; | ||
| mesg_denied[9] = ((redirect_url_len % 768) % 512) % 256; | ||
| for(i = 0; i < redirect_url_len; i++) | ||
| mesg_denied[N2H2RES+i] = redirect_url[i]; | ||
| } | ||
| } else { | ||
| for(i = 0; i < 4; i++) | ||
| mesg_denied[6+i] = 0; | ||
| } | ||
|
|
||
| // send denied response | ||
| sendto(fd, mesg_denied, N2H2RES + redirect_url_len, 0, (struct sockaddr *)&cli_addr, sizeof(cli_addr)); | ||
| } | ||
|
|
||
| struct uf_request n2h2_request(char mesg[REQ]) { | ||
| // URL Request req(2),reqid(4),srcip(4),dstip(4),urllen(2),usrlen(2),url(urllen),user(usrlen) | ||
| struct uf_request request; | ||
| int ips[8]; | ||
| int i; | ||
|
|
||
| // Get type of request | ||
| if ((mesg[0] == 2) && (mesg[1] == 3)) { | ||
| request.type = N2H2ALIVE; | ||
| } | ||
| if ((mesg[0] == 2) && (mesg[1] == 0)) { | ||
| request.type = N2H2REQ; | ||
| } | ||
|
|
||
| // Get request id | ||
| for(i = 0; i < 4; i++) | ||
| request.id[i] = mesg[2+i]; | ||
|
|
||
| // fetch srcip and dstip | ||
| for(i = 0; i < 8; i++) { | ||
| ips[i] = mesg[6+i]; | ||
| if (ips[i] < 0) | ||
| ips[i] += 256; | ||
| } | ||
| bzero(request.srcip, sizeof(request.srcip)); | ||
| bzero(request.dstip, sizeof(request.dstip)); | ||
| sprintf(request.srcip,"%d.%d.%d.%d", ips[0], ips[1], ips[2], ips[3]); | ||
| sprintf(request.dstip,"%d.%d.%d.%d", ips[4], ips[5], ips[6], ips[7]); | ||
|
|
||
| // fetch url length | ||
| request.urllen = (mesg[14]*256) + mesg[15]; | ||
| if (request.urllen < 0) | ||
| request.urllen += 256; | ||
| if (request.urllen > URL) | ||
| request.urllen = URL; | ||
|
|
||
| // fetch user length | ||
| request.usrlen = (mesg[16]*256) + mesg[17]; | ||
| if (request.usrlen < 0) | ||
| request.usrlen += 256; | ||
| if (request.usrlen > USER) | ||
| request.usrlen = USER; | ||
|
|
||
| // fetch url | ||
| for(i = 0; i < request.urllen; i++) | ||
| request.url[i] = mesg[18+i]; | ||
|
|
||
| // fetch user | ||
| for(i = 0; i < request.usrlen; i++) | ||
| request.user[i] = mesg[18+request.urllen+i]; | ||
|
|
||
| return request; | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| /* openufp server | ||
| * | ||
| * author: Jeroen Nijhof | ||
| * version: 1.04 | ||
| * license: GPL v3.0 | ||
| * | ||
| * n2h2.h: n2h2 frontend | ||
| */ | ||
|
|
||
| #define N2H2 1 | ||
| #define N2H2REQ 3 | ||
| #define N2H2ALIVE 5 | ||
| #define N2H2RES 10 | ||
|
|
||
| extern void n2h2_alive(int fd, struct sockaddr_in cli_addr, char req_id[REQID]); | ||
| extern void n2h2_accept(int fd, struct sockaddr_in cli_addr, char req_id[REQID]); | ||
| extern void n2h2_deny(int fd, struct sockaddr_in cli_addr, char req_id[REQID], char *redirect_url); | ||
| extern struct uf_request n2h2_request(char mesg[REQ]); | ||
|
|
Oops, something went wrong.