install:
$(INSTALL) -b -m 644 -D ./sslproxy.logger_init.cf /etc/l7vs/sslproxy/sslproxy.logger_init.cf
- $(INSTALL) -b -m 644 -D ./sslproxy.target.cf /etc/l7vs/sslproxy/sslproxy.target.cf
+ $(INSTALL) -b -m 644 -D ./sslproxy.target_1.cf /etc/l7vs/sslproxy/sslproxy.target.cf
$(INSTALL) -b -m 644 -D ./sslproxyadm.cf /etc/l7vs/sslproxy/sslproxyadm.cf
$(INSTALL) -b -m 644 -D ./sslproxyadm.logrotate /etc/logrotate.d/sslproxyadm
# Tell versions [3.59,3.63) of GNU make to not export all variables.
session_cache_timeout = 300
# Packet edit configuration.
-edit_client_msg = "off"
-edit_server_msg = "off"
-http_request_header = "add:X-Forwarded-For:%{REMOTE_ADDR}"
-http_request_header = "set:X-Forwarded-Proto:https"
-http_request_header = "set:Via:%{LOCAL_ADDR}"
-http_request_header = "remove:Cookie"
+# http_request_header: Edit HTTP client request header message.
+# http_response_header: Edit HTTP server response header message.
+# Format: "mode:header-field-name[:header-field-value[:replace-value]]
+# Mode: 'set', 'unset', 'add' or 'replace'
+# Macro: %{CLIENT_ADDR} -> client IP address
+# %{CLIENT_PORT} -> client port number
+# %{SERVER_ADDR} -> server IP address
+# %{SERVER_PORT} -> server port number
+# %{RECV_ADDR} -> sslproxy IP address
+# %{RECV_PORT} -> sslproxy port number
+# Example: Insert or overwrite "X-Forwarded-Proto: https"
+#http_request_header = "set:X-Forwarded-Proto:https"
+# Example: Change Host to real address
+#http_request_header = "set:Host:%{SERVER_ADDR}:%{SERVER_PORT}"
+# Example: Remove "Cookie" field
+#http_request_header = "unset:Cookie"
+# Example: Add "X-Forwarded-For: old-value,new-value"
+# or insert "X-Forwarded-For: new-value"
+#http_request_header = "add:X-Forwarded-For:%{CLIENT_ADDR}"
+# Example: Add or insert "Via"
+#http_request_header = "add:Via:HTTP/1.1 myserver (sslproxy/1.0)"
+# Example: Replace keep-alive to close
+#http_request_header = "replace:Connection:keep-alive:close"
+# Example: Replace MSIE User-Agent to Firefox (regex)
+#http_request_header = "replace:User-Agent:^.*MSIE.*$:Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.0.0"
+# Example: Add "Set-Cookie"
+#http_response_header = "add:Set-Cookie:sslproxy=on; path=/; secure"
+# Example: Remove "Server"
+#http_response_header = "unset:Server"
+# Example: Change "Content-Type" text/html to text/plain
+#http_response_header = "replace:Content-Type:html:plain"
[logger]
## SSLProxy log configuration.
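Review bot: The `add:X-Forwarded-For:%{CLIENT_ADDR}` example appends to whatever value the client already sent, as the comment above it says, so a backend that reads the first entry is reading client-controlled data; the commentary should say to use `set` when sslproxy is the first trusted hop. The `Format:` line is missing its closing quote, and it should state that fields are colon-separated, so the regex field of a `replace` rule cannot contain `:` (packet_editor.cpp splits on `:` with a limit of 3). The macro descriptions should also mention that expand_macro cuts each endpoint at its first `:`, which would truncate an IPv6 address. This change renames `remove` to `unset` and `%{REMOTE_ADDR}`/`%{LOCAL_ADDR}` to `%{CLIENT_ADDR}`/`%{RECV_ADDR}`, and drops the previously active rules including `remove:Cookie`. Because edit_client has no branch for an unknown mode, an old config may lose those edits silently unless the loader rejects it (not visible here), so a migration comment is worth adding.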
std::string incomplete;
std::string raw_message;
bool modified;
- std::string convert_upper_camel_case(std::string);
+ std::string convert_upper_camel_case(std::string) const;
public:
http_message();
http_message( std::string );
~http_message();
- field_range header( std::string );
+ field_range header( std::string ) const;
void header( std::string, std::string );
- std::string body();
+ std::string body() const;
std::string body( std::string );
std::string as_string();
http_request( std::string );
~http_request();
- std::string method();
+ std::string method() const;
std::string method( std::string );
- std::string request_uri();
+ std::string request_uri() const;
std::string request_uri( std::string );
- std::string http_version();
+ std::string http_version() const;
std::string http_version( std::string );
- std::string request_line();
+ std::string request_line() const;
std::string as_string();
void parse( std::string );
void rebuild();
http_response( std::string );
~http_response();
- std::string http_version();
+ std::string http_version() const;
std::string http_version( std::string );
- std::string status_code();
+ std::string status_code() const;
std::string status_code( std::string );
- std::string reason_phrase();
+ std::string reason_phrase() const;
std::string reason_phrase( std::string );
- std::string status_line();
+ std::string status_line() const;
std::string as_string();
void parse( std::string );
void rebuild();
--- /dev/null
+/*
+ * @file packet_editor.h
+ * @brief Packet Editor Header
+ *
+ * Copyright (C) 2009 NTT COMWARE Corporation.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ *
+ **********************************************************************/
+
+#ifndef __PACKET_EDITOR_H__
+#define __PACKET_EDITOR_H__
+
+#include <vector>
+#include "logger_wrapper.h"
+#include "sslproxy.h"
+#include "sslproxysession.h"
+#include "http_message.h"
+#include "http_request.h"
+#include "http_response.h"
+
+class packet_editor
+{
+private:
+ const sslproxy_session* session;
+ void expand_macro(std::string&);
+ std::vector<std::string> split(const std::string&, const std::string&, int);
+
+public:
+ packet_editor(const sslproxy_session*);
+ ~packet_editor();
+ void edit_client(char*, size_t&);
+ void edit_server(char*, size_t&);
+};
+
+#endif //__PACKET_EDITOR_H__
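Review bot: `edit_client(char*, size_t&)` and `edit_server(char*, size_t&)` take a raw buffer and an in/out length but no capacity, so the declaration cannot tell a caller how large the buffer must be, although the implementation may write up to MAX_BUFFER_SIZE bytes into it. Add a doc comment on both, for example `// buf must hold at least MAX_BUFFER_SIZE bytes; len is updated to the edited length`, or pass the capacity explicitly. The header uses `std::string` but includes only `<vector>` directly, so `#include <string>` should be added rather than relying on the project headers. The class and its private helpers (`expand_macro`, `split`) have no comments at all here; a one-line purpose on each would match the Doxygen style used in the .cpp files.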
#define DEFAULT_CONN_LOG_FLAG "on"
#define DEFAULT_SSL_METHOD boost::asio::ssl::context::sslv23 //! SSLv23_method
-#define DEFAULT_EDIT_CLIENT_MSG false
-#define DEFAULT_EDIT_SERVER_MSG false
-#define NONE_X_FORWARDED_FOR 0
-#define ADD_X_FORWARDED_FOR 1
-#define SET_X_FORWARDED_FOR 2
-#define DELETE_X_FORWARDED_FOR 3
-#define DEFAULT_X_FORWARDED_FOR_MODE NONE_X_FORWARDED_FOR
-#define DEFAULT_CUSTOM_FIELD ""
+#define DEFAULT_CLIENT_EDIT false
+#define DEFAULT_SERVER_EDIT false
#define MAX_PASSWD_SIZE 256
#define MAX_READ_SIZE 4096
#define MAX_EDIT_SIZE MAX_READ_SIZE
extern long session_cache_size;
extern long session_cache_timeout;
extern std::string conn_log_flag;
-extern bool edit_client_msg;
-extern bool edit_server_msg;
-extern int x_forwarded_for_mode;
-extern std::string custom_field;
+extern bool client_packet_edit;
+extern bool server_packet_edit;
+extern std::list<std::pair<std::string, std::string > > http_request_header;
+extern std::list<std::pair<std::string, std::string > > http_response_header;
#endif //__SSLPROXY_H__
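Review bot: The new `extern std::list<std::pair<std::string, std::string > >` declarations make this header depend on `<list>` and `<utility>`, and no include is added in the lines shown; confirm the header includes them itself instead of depending on include order in each .cpp. `MAX_EDIT_SIZE` remains defined above as `MAX_READ_SIZE`, while the new packet_editor.cpp bounds the edited message with `MAX_BUFFER_SIZE`, which is not defined in the lines visible here. If the session buffers are sized by one constant and checked against the other, the `memcpy` in edit_client/edit_server could write past the buffer, so a single constant should be used for both the allocation and the check.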
// Low level socket getting function.
ssl_socket::lowest_layer_type& low_socket();
// Get remote endpoint (client address:port) function.
- std::string get_remote_endpoint(ssl_socket& socket);
+ std::string get_remote_endpoint() const;
// Session start function
void start();
// Timer cancel function.
void handle_client_write(const boost::system::error_code& error, size_t bytes_transferred);
// Edit client message function.
void edit_client_message(size_t& bytes_transferred);
- // Verify HTTP request format function.
- bool is_http_request(size_t bytes_transferred);
+ // Edit server message function.
+ void edit_server_message(size_t& bytes_transferred);
};
#endif //__SSLPROXYSESSION_H__
../include/sslproxy.h \
../include/sslproxyserver.h \
../include/sslproxysession.h \
+ ../include/packet_editor.h \
../include/http_message.h \
../include/http_request.h \
../include/http_response.h \
sslproxymain.cpp \
sslproxyserver.cpp \
sslproxysession.cpp \
+ packet_editor.cpp \
http_message.cpp \
http_request.cpp \
http_response.cpp
-llog4cxx \
-lrt \
-lssl \
+ -lboost_regex-gcc41-mt \
-lboost_system-gcc41-mt \
-lboost_thread-gcc41-mt
sslproxy-sslproxymain.$(OBJEXT) \
sslproxy-sslproxyserver.$(OBJEXT) \
sslproxy-sslproxysession.$(OBJEXT) \
- sslproxy-httprequest.$(OBJEXT)
+ sslproxy-packet_editor.$(OBJEXT) \
+ sslproxy-http_message.$(OBJEXT) \
+ sslproxy-http_request.$(OBJEXT) \
+ sslproxy-http_response.$(OBJEXT)
sslproxy_OBJECTS = $(am_sslproxy_OBJECTS)
sslproxy_DEPENDENCIES = ../logger/libsslproxy_logger.a \
../parameter/libsslproxy_parameter.a
../include/sslproxy.h \
../include/sslproxyserver.h \
../include/sslproxysession.h \
- ../include/httprequest.h \
+ ../include/packet_editor.h \
+ ../include/http_message.h \
+ ../include/http_request.h \
+ ../include/http_response.h \
sslproxy.cpp \
sslproxymain.cpp \
sslproxyserver.cpp \
sslproxysession.cpp \
- httprequest.cpp
+ packet_editor.cpp \
+ http_message.cpp \
+ http_request.cpp \
+ http_response.cpp
sslproxy_LDADD = ../logger/libsslproxy_logger.a \
../parameter/libsslproxy_parameter.a \
-llog4cxx \
-lrt \
-lssl \
+ -lboost_regex-gcc41-mt \
-lboost_system-gcc41-mt \
-lboost_thread-gcc41-mt
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-httprequest.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-http_message.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-http_request.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-http_response.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-packet_editor.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-sslproxy.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-sslproxymain.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sslproxy-sslproxyserver.Po@am__quote@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-sslproxysession.obj `if test -f 'sslproxysession.cpp'; then $(CYGPATH_W) 'sslproxysession.cpp'; else $(CYGPATH_W) '$(srcdir)/sslproxysession.cpp'; fi`
-sslproxy-httprequest.o: httprequest.cpp
-@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-httprequest.o -MD -MP -MF "$(DEPDIR)/sslproxy-httprequest.Tpo" -c -o sslproxy-httprequest.o `test -f 'httprequest.cpp' || echo '$(srcdir)/'`httprequest.cpp; \
-@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-httprequest.Tpo" "$(DEPDIR)/sslproxy-httprequest.Po"; else rm -f "$(DEPDIR)/sslproxy-httprequest.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='httprequest.cpp' object='sslproxy-httprequest.o' libtool=no @AMDEPBACKSLASH@
+sslproxy-packet_editor.o: packet_editor.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-packet_editor.o -MD -MP -MF "$(DEPDIR)/sslproxy-packet_editor.Tpo" -c -o sslproxy-packet_editor.o `test -f 'packet_editor.cpp' || echo '$(srcdir)/'`packet_editor.cpp; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-packet_editor.Tpo" "$(DEPDIR)/sslproxy-packet_editor.Po"; else rm -f "$(DEPDIR)/sslproxy-packet_editor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='packet_editor.cpp' object='sslproxy-packet_editor.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-httprequest.o `test -f 'httprequest.cpp' || echo '$(srcdir)/'`httprequest.cpp
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-packet_editor.o `test -f 'packet_editor.cpp' || echo '$(srcdir)/'`packet_editor.cpp
-sslproxy-httprequest.obj: httprequest.cpp
-@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-httprequest.obj -MD -MP -MF "$(DEPDIR)/sslproxy-httprequest.Tpo" -c -o sslproxy-httprequest.obj `if test -f 'httprequest.cpp'; then $(CYGPATH_W) 'httprequest.cpp'; else $(CYGPATH_W) '$(srcdir)/httprequest.cpp'; fi`; \
-@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-httprequest.Tpo" "$(DEPDIR)/sslproxy-httprequest.Po"; else rm -f "$(DEPDIR)/sslproxy-httprequest.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='httprequest.cpp' object='sslproxy-httprequest.obj' libtool=no @AMDEPBACKSLASH@
+sslproxy-packet_editor.obj: packet_editor.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-packet_editor.obj -MD -MP -MF "$(DEPDIR)/sslproxy-packet_editor.Tpo" -c -o sslproxy-packet_editor.obj `if test -f 'packet_editor.cpp'; then $(CYGPATH_W) 'packet_editor.cpp'; else $(CYGPATH_W) '$(srcdir)/packet_editor.cpp'; fi`; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-packet_editor.Tpo" "$(DEPDIR)/sslproxy-packet_editor.Po"; else rm -f "$(DEPDIR)/sslproxy-packet_editor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='packet_editor.cpp' object='sslproxy-packet_editor.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-httprequest.obj `if test -f 'httprequest.cpp'; then $(CYGPATH_W) 'httprequest.cpp'; else $(CYGPATH_W) '$(srcdir)/httprequest.cpp'; fi`
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-packet_editor.obj `if test -f 'packet_editor.cpp'; then $(CYGPATH_W) 'packet_editor.cpp'; else $(CYGPATH_W) '$(srcdir)/packet_editor.cpp'; fi`
+
+sslproxy-http_message.o: http_message.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-http_message.o -MD -MP -MF "$(DEPDIR)/sslproxy-http_message.Tpo" -c -o sslproxy-http_message.o `test -f 'http_message.cpp' || echo '$(srcdir)/'`http_message.cpp; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-http_message.Tpo" "$(DEPDIR)/sslproxy-http_message.Po"; else rm -f "$(DEPDIR)/sslproxy-http_message.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='http_message.cpp' object='sslproxy-http_message.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-http_message.o `test -f 'http_message.cpp' || echo '$(srcdir)/'`http_message.cpp
+
+sslproxy-http_message.obj: http_message.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-http_message.obj -MD -MP -MF "$(DEPDIR)/sslproxy-http_message.Tpo" -c -o sslproxy-http_message.obj `if test -f 'http_message.cpp'; then $(CYGPATH_W) 'http_message.cpp'; else $(CYGPATH_W) '$(srcdir)/http_message.cpp'; fi`; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-http_message.Tpo" "$(DEPDIR)/sslproxy-http_message.Po"; else rm -f "$(DEPDIR)/sslproxy-http_message.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='http_message.cpp' object='sslproxy-http_message.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-http_message.obj `if test -f 'http_message.cpp'; then $(CYGPATH_W) 'http_message.cpp'; else $(CYGPATH_W) '$(srcdir)/http_message.cpp'; fi`
+
+sslproxy-http_request.o: http_request.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-http_request.o -MD -MP -MF "$(DEPDIR)/sslproxy-http_request.Tpo" -c -o sslproxy-http_request.o `test -f 'http_request.cpp' || echo '$(srcdir)/'`http_request.cpp; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-http_request.Tpo" "$(DEPDIR)/sslproxy-http_request.Po"; else rm -f "$(DEPDIR)/sslproxy-http_request.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='http_request.cpp' object='sslproxy-http_request.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-http_request.o `test -f 'http_request.cpp' || echo '$(srcdir)/'`http_request.cpp
+
+sslproxy-http_request.obj: http_request.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-http_request.obj -MD -MP -MF "$(DEPDIR)/sslproxy-http_request.Tpo" -c -o sslproxy-http_request.obj `if test -f 'http_request.cpp'; then $(CYGPATH_W) 'http_request.cpp'; else $(CYGPATH_W) '$(srcdir)/http_request.cpp'; fi`; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-http_request.Tpo" "$(DEPDIR)/sslproxy-http_request.Po"; else rm -f "$(DEPDIR)/sslproxy-http_request.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='http_request.cpp' object='sslproxy-http_request.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-http_request.obj `if test -f 'http_request.cpp'; then $(CYGPATH_W) 'http_request.cpp'; else $(CYGPATH_W) '$(srcdir)/http_request.cpp'; fi`
+
+sslproxy-http_response.o: http_response.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-http_response.o -MD -MP -MF "$(DEPDIR)/sslproxy-http_response.Tpo" -c -o sslproxy-http_response.o `test -f 'http_response.cpp' || echo '$(srcdir)/'`http_response.cpp; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-http_response.Tpo" "$(DEPDIR)/sslproxy-http_response.Po"; else rm -f "$(DEPDIR)/sslproxy-http_response.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='http_response.cpp' object='sslproxy-http_response.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-http_response.o `test -f 'http_response.cpp' || echo '$(srcdir)/'`http_response.cpp
+
+sslproxy-http_response.obj: http_response.cpp
+@am__fastdepCXX_TRUE@ if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT sslproxy-http_response.obj -MD -MP -MF "$(DEPDIR)/sslproxy-http_response.Tpo" -c -o sslproxy-http_response.obj `if test -f 'http_response.cpp'; then $(CYGPATH_W) 'http_response.cpp'; else $(CYGPATH_W) '$(srcdir)/http_response.cpp'; fi`; \
+@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/sslproxy-http_response.Tpo" "$(DEPDIR)/sslproxy-http_response.Po"; else rm -f "$(DEPDIR)/sslproxy-http_response.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='http_response.cpp' object='sslproxy-http_response.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sslproxy_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o sslproxy-http_response.obj `if test -f 'http_response.cpp'; then $(CYGPATH_W) 'http_response.cpp'; else $(CYGPATH_W) '$(srcdir)/http_response.cpp'; fi`
uninstall-info-am:
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
* @param[in] field_name lookup field name
* @return header field value
*/
-field_range http_message::header(std::string field_name)
+field_range http_message::header(std::string field_name) const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return message body
*/
-std::string http_message::body()
+std::string http_message::body() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
* @param[in] field_name field name
* @return converted to camel case
*/
-std::string http_message::convert_upper_camel_case(std::string field_name)
+std::string http_message::convert_upper_camel_case(std::string field_name) const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return method
*/
-std::string http_request::method()
+std::string http_request::method() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return request URI
*/
-std::string http_request::request_uri()
+std::string http_request::request_uri() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return HTTP version
*/
-std::string http_request::http_version()
+std::string http_request::http_version() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return request line
*/
-std::string http_request::request_line()
+std::string http_request::request_line() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return HTTP version
*/
-std::string http_response::http_version()
+std::string http_response::http_version() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return status code
*/
-std::string http_response::status_code()
+std::string http_response::status_code() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return reason phrase
*/
-std::string http_response::reason_phrase()
+std::string http_response::reason_phrase() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
*
* @return status line
*/
-std::string http_response::status_line()
+std::string http_response::status_line() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT_HTTP)) {
--- /dev/null
+/*
+ * @file packet_editor.cpp
+ * @brief Packet Editor Header
+ *
+ * Copyright (C) 2009 NTT COMWARE Corporation.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ *
+ **********************************************************************/
+
+#include <boost/regex.hpp>
+#include "packet_editor.h"
+#include "sslproxy.h"
+#include "sslproxyserver.h"
+#include "sslproxysession.h"
+
+/*!
+ * Packet editor constructor.
+ */
+packet_editor::packet_editor(const sslproxy_session* session)
+{
+ /*-------- DEBUG LOG --------*/
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT)) {
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_PACKET_EDIT, 1, // XXX log
+ "in_function : Constructor packet_editor::packet_editor(const sslproxysession* session)");
+ }
+ /*------ DEBUG LOG END ------*/
+
+ this->session = session;
+
+ /*-------- DEBUG LOG --------*/
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT)) {
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_PACKET_EDIT, 1, // XXX log
+ "out_function : Constructor packet_editor::packet_editor(const sslproxysession* session)");
+ }
+ /*------ DEBUG LOG END ------*/
+}
+
+/*!
+ * Packet editor destructor.
+ */
+packet_editor::~packet_editor()
+{
+ /*-------- DEBUG LOG --------*/
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT)) {
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_PACKET_EDIT, 2, // XXX log
+ "in/out_function : Destructor packet_editor::~packet_editor(void)");
+ }
+ /*------ DEBUG LOG END ------*/
+}
+
+/*!
+ * Edit client message function.
+ */
+void packet_editor::edit_client(char* client_msg, size_t& client_length)
+{
+ /*-------- DEBUG LOG --------*/
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT)) {
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_PACKET_EDIT, 3, // XXX log
+ "in_function : void packet_editor::edit_client(char* client_msg, size_t& client_length) : "
+ "client_msg(%s), client_length(%d)", client_msg, client_length);
+
+ }
+ /*------ DEBUG LOG END ------*/
+
+ std::list<std::pair<std::string, std::string > >::iterator it, end;
+ it = ::http_request_header.begin();
+ end = ::http_request_header.end();
+ http_request request(std::string(client_msg, client_length));
+ for (;it != end; ++it) {
+ LOGGER_PUT_LOG_FATAL(LOG_CAT_PACKET_EDIT, 3, "mode: %s, header: %s", it->first.c_str(), it->second.c_str());
+ if (it->first == "set") {
+ std::vector<std::string> set_vector = split(it->second, ":", 2);
+ if (set_vector.size() == 2)
+ expand_macro(set_vector.at(1));
+ request.header(set_vector.at(0), set_vector.at(1));
+ }
+ else if (it->first == "unset") {
+ request.header(it->second, "");
+ }
+ else if (it->first == "add") {
+ std::vector<std::string> add_vector = split(it->second, ":", 2);
+ if (add_vector.size() == 2) {
+ field_range current_range = request.header(add_vector.at(0));
+ expand_macro(add_vector.at(1));
+ if (current_range.first != current_range.second) {
+ std::string new_value = current_range.first->second;
+ new_value += "," + add_vector.at(1);
+ request.header(add_vector.at(0), new_value);
+ } else {
+ request.header(add_vector.at(0), add_vector.at(1));
+ }
+ }
+ }
+ else if (it->first == "replace") {
+ std::vector<std::string> replace_vector = split(it->second, ":", 3);
+ if (replace_vector.size() == 3) {
+ field_range current_range = request.header(replace_vector.at(0));
+ expand_macro(replace_vector.at(1));
+ expand_macro(replace_vector.at(2));
+ boost::regex exp(replace_vector.at(1));
+ for (;current_range.first != current_range.second; current_range.first++) {
+ std::string new_value = current_range.first->second;
+ if (boost::regex_search(new_value, exp)) {
+ new_value = boost::regex_replace(new_value, exp, replace_vector.at(2));
+ request.header(replace_vector.at(0), new_value);
+ }
+ }
+ }
+ }
+ }
+ std::string edited = request.as_string();
+ if (edited.size() > MAX_BUFFER_SIZE) {
+ // XXX log
+ return;
+ }
+ client_length = edited.size();
+ memcpy(client_msg, edited.c_str(), client_length);
+
+ /*-------- DEBUG LOG --------*/
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT)) {
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_PACKET_EDIT, 3, // XXX log
+ "out_function : void packet_editor::edit_client(char* client_msg, size_t& client_length) : "
+ "client_msg(%s), client_length(%d)", client_msg, client_length);
+ }
+ /*------ DEBUG LOG END ------*/
+}
+
+/*!
+ * Edit server message function.
+ */
+void packet_editor::edit_server(char* server_msg, size_t& server_length)
+{
+ /*-------- DEBUG LOG --------*/
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT)) {
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_PACKET_EDIT, 3, // XXX log
+ "in_function : void packet_editor::edit_server(char* server_msg, size_t& server_length) : "
+ "server_msg(%s), server_length(%d)", server_msg, server_length);
+
+ }
+ /*------ DEBUG LOG END ------*/
+
+ std::list<std::pair<std::string, std::string > >::iterator it, end;
+ it = ::http_response_header.begin();
+ end = ::http_response_header.end();
+ http_response response(std::string(server_msg, server_length));
+ for (;it != end; ++it) {
+ LOGGER_PUT_LOG_FATAL(LOG_CAT_PACKET_EDIT, 3, "mode: %s, header: %s", it->first.c_str(), it->second.c_str());
+ if (it->first == "set") {
+ std::vector<std::string> set_vector = split(it->second, ":", 2);
+ if (set_vector.size() == 2)
+ expand_macro(set_vector.at(1));
+ response.header(set_vector.at(0), set_vector.at(1));
+ }
+ else if (it->first == "unset") {
+ response.header(it->second, "");
+ }
+ else if (it->first == "add") {
+ std::vector<std::string> add_vector = split(it->second, ":", 2);
+ if (add_vector.size() == 2) {
+ field_range current_range = response.header(add_vector.at(0));
+ expand_macro(add_vector.at(1));
+ if (current_range.first != current_range.second) {
+ std::string new_value = current_range.first->second;
+ new_value += "," + add_vector.at(1);
+ response.header(add_vector.at(0), new_value);
+ } else {
+ response.header(add_vector.at(0), add_vector.at(1));
+ }
+ }
+ }
+ else if (it->first == "replace") {
+ std::vector<std::string> replace_vector = split(it->second, ":", 3);
+ if (replace_vector.size() == 3) {
+ field_range current_range = response.header(replace_vector.at(0));
+ expand_macro(replace_vector.at(1));
+ expand_macro(replace_vector.at(2));
+ boost::regex exp(replace_vector.at(1));
+ for (;current_range.first != current_range.second; current_range.first++) {
+ std::string new_value = current_range.first->second;
+ if (boost::regex_search(new_value, exp)) {
+ new_value = boost::regex_replace(new_value, exp, replace_vector.at(2));
+ response.header(replace_vector.at(0), new_value);
+ }
+ }
+ }
+ }
+ }
+ std::string edited = response.as_string();
+ if (edited.size() > MAX_BUFFER_SIZE) {
+ // XXX log
+ return;
+ }
+ server_length = edited.size();
+ memcpy(server_msg, edited.c_str(), server_length);
+
+ /*-------- DEBUG LOG --------*/
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_PACKET_EDIT)) {
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_PACKET_EDIT, 3, // XXX log
+ "out_function : void packet_editor::edit_server(char* server_msg, size_t& server_length) : "
+ "server_msg(%s), server_length(%d)", server_msg, server_length);
+ }
+ /*------ DEBUG LOG END ------*/
+}
+
+/*!
+ * Expand macro function.
+ *
+ * @param[in/out] source string
+ */
+void packet_editor::expand_macro(std::string& source) {
+ int pos;
+
+ pos = source.find("%{CLIENT_ADDR}");
+ if (pos != std::string::npos) {
+ std::string endpoint = this->session->get_remote_endpoint();
+ if (endpoint.length() > 0) {
+ int addr_end = endpoint.find(':');
+ source.replace(pos, 14, endpoint.substr(0, addr_end));
+ }
+ }
+
+ pos = source.find("%{CLIENT_PORT}");
+ if (pos != std::string::npos) {
+ std::string endpoint = this->session->get_remote_endpoint();
+ if (endpoint.length() > 0) {
+ int port_begin = endpoint.find(':') + 1;
+ source.replace(pos, 14, endpoint.substr(port_begin, endpoint.length() - port_begin));
+ }
+ }
+
+ pos = source.find("%{SERVER_ADDR}");
+ if (pos != std::string::npos) {
+ int addr_end = ::target_endpoint.find(':');
+ source.replace(pos, 14, ::target_endpoint.substr(0, addr_end));
+ }
+
+ pos = source.find("%{SERVER_PORT}");
+ if (pos != std::string::npos) {
+ int port_begin = ::target_endpoint.find(':') + 1;
+ source.replace(pos, 14, ::target_endpoint.substr(port_begin, ::target_endpoint.length() - port_begin));
+ }
+
+ pos = source.find("%{RECV_ADDR}");
+ if (pos != std::string::npos) {
+ int addr_end = ::recv_endpoint.find(':');
+ source.replace(pos, 12, ::recv_endpoint.substr(0, addr_end));
+ }
+
+ pos = source.find("%{RECV_PORT}");
+ if (pos != std::string::npos) {
+ int port_begin = ::recv_endpoint.find(':') + 1;
+ source.replace(pos, 12, ::recv_endpoint.substr(port_begin, ::recv_endpoint.length() - port_begin));
+ }
+}
+
+/*!
+ * Split string function.
+ * Split string by delimiter and return token vector.
+ * If limit is specified and positive, it represents the maximum number of fields
+ * the delimiter will be split into.
+ *
+ * @param[in] source string
+ * @param[in] delimiter delimiter
+ * @param[in] limit max token
+ */
+std::vector<std::string> packet_editor::split(const std::string& source, const std::string& delimiter, int limit = 0) {
+ std::vector<std::string> words;
+ int begin = 0;
+ int end = source.size();
+ limit--;
+ while (limit != 0) {
+ end = source.find(delimiter, begin);
+ if (end == std::string::npos) {
+ end = source.size();
+ break;
+ }
+ words.push_back(source.substr(begin, end - begin));
+ begin = end + 1;
+ limit--;
+ }
+ words.push_back(source.substr(begin, end - begin));
+ return words;
+}
long session_cache_size;
long session_cache_timeout;
std::string conn_log_flag;
-bool edit_client_msg;
-bool edit_server_msg;
-int x_forwarded_for_mode;
-std::string custom_field;
-
+bool client_packet_edit = DEFAULT_CLIENT_EDIT;
+bool server_packet_edit = DEFAULT_SERVER_EDIT;
+std::list<std::pair<std::string, std::string > > http_request_header;
+std::list<std::pair<std::string, std::string > > http_response_header;
/*!
* Convert verify option string to intger(#define).
conn_log_flag = DEFAULT_CONN_LOG_FLAG;
}
- // Get parameter "edit_client_msg".
- if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "edit_client_msg")) {
- std::string edit_client = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
- "edit_client_msg");
- /*-------- DEBUG LOG --------*/
- if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
- LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 40, // XXX fix log
- "function : static int getParameters("
- "std::string config_filename) : "
- "get edit_client_msg OK.");
- }
- /*------ DEBUG LOG END ------*/
- if (edit_client == "") {
- LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23, // XXX fix log
- "edit_client_msg parameter is nothing. "
- "Use default value.");
- edit_client_msg = DEFAULT_EDIT_CLIENT_MSG;
- } else if (edit_client != "on" && edit_client != "off") {
- LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
- "Invalid edit_client_msg parameter value.");
- throw -1;
- }
- if (edit_client == "on")
- edit_client_msg = true;
- else
- edit_client_msg = false;
- } else {
- LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 999, // XXX fix log
- "edit_client_msg parameter not found. "
- "Use default value.");
- edit_client_msg = DEFAULT_EDIT_CLIENT_MSG;
- }
-
- // Get parameter "edit_server_msg".
- if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "edit_server_msg")) {
- std::string edit_server = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
- "edit_server_msg");
+ // Get parameter "http_request_header".
+ if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "http_request_header")) {
+ std::multimap<std::string, std::string> request_map;
+ Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
+ "http_request_header", request_map);
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
- LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 40, // XXX fix log
- "function : static int getParameters("
- "std::string config_filename) : "
- "get edit_server_msg OK.");
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 61, // XXX fix log
+ "function : static int getParameters("
+ "std::string config_filename) : "
+ "get http_request_header OK.");
}
/*------ DEBUG LOG END ------*/
- if (edit_server == "") {
- LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23, // XXX fix log
- "edit_server_msg parameter is nothing. "
- "Use default value.");
- edit_server_msg = DEFAULT_EDIT_SERVER_MSG;
- } else if (edit_server != "on" && edit_server != "off") {
- LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
- "Invalid edit_server_msg parameter value.");
- throw -1;
+ std::multimap<std::string, std::string>::iterator it = request_map.begin();
+ std::multimap<std::string, std::string>::iterator end = request_map.end();
+ while (it != end) {
+ int delimiter_pos = it->second.find(':');
+ if (delimiter_pos == std::string::npos) {
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
+ "Invalid http_request_header parameter value.");
+ throw -1;
+ }
+ std::pair<std::string, std::string> header_pair(
+ it->second.substr(0, delimiter_pos),
+ it->second.substr(delimiter_pos + 1, it->second.size() - delimiter_pos) );
+ if ( header_pair.first != "set"
+ && header_pair.first != "unset"
+ && header_pair.first != "add"
+ && header_pair.first != "replace" ) {
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
+ "Invalid http_request_header parameter value.");
+ throw -1;
+ }
+LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, "read: mode(%s) value(%s)", header_pair.first.c_str(), header_pair.second.c_str());
+ ::http_request_header.push_back(header_pair);
+ ::client_packet_edit = true;
+ it++;
}
- if (edit_server == "on")
- edit_server_msg = true;
- else
- edit_server_msg = false;
- } else {
- LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 999, // XXX fix log
- "edit_server_msg parameter not found. "
- "Use default value.");
- edit_server_msg = DEFAULT_EDIT_SERVER_MSG;
}
- // Get parameter "x_forwarded_for_mode".
- if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "x_forwarded_for_mode")) {
- std::string x_forwarded = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
- "x_forwarded_for_mode");
+ // Get parameter "http_response_header".
+ if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "http_response_header")) {
+ std::multimap<std::string, std::string> response_map;
+ Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
+ "http_response_header", response_map);
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 61, // XXX fix log
- "function : static int getParameters("
- "std::string config_filename) : "
- "get x_forwarded_for_mode OK.");
+ "function : static int getParameters("
+ "std::string config_filename) : "
+ "get http_response_header OK.");
}
/*------ DEBUG LOG END ------*/
- if (x_forwarded == "") {
- LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23, // XXX fix log
- "x_forwarded_for_mode parameter is nothing. "
- "Use default value.");
- x_forwarded_for_mode = DEFAULT_X_FORWARDED_FOR_MODE;
- } else if (x_forwarded != "add") {
- x_forwarded_for_mode = ADD_X_FORWARDED_FOR;
- } else if (x_forwarded != "set") {
- x_forwarded_for_mode = SET_X_FORWARDED_FOR;
- } else if (x_forwarded != "delete") {
- x_forwarded_for_mode = DELETE_X_FORWARDED_FOR;
- } else if (x_forwarded != "none") {
- x_forwarded_for_mode = NONE_X_FORWARDED_FOR;
- } else {
- LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
- "Invalid x_forwarded_for_mode parameter value.");
- throw -1;
+ std::multimap<std::string, std::string>::iterator it = response_map.begin();
+ std::multimap<std::string, std::string>::iterator end = response_map.end();
+ while (it != end) {
+ int delimiter_pos = it->second.find(':');
+ if (delimiter_pos == std::string::npos) {
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
+ "Invalid http_response_header parameter value.");
+ throw -1;
+ }
+ std::pair<std::string, std::string> header_pair(
+ it->second.substr(0, delimiter_pos),
+ it->second.substr(delimiter_pos + 1, it->second.size() - delimiter_pos) );
+ if ( header_pair.first != "set"
+ && header_pair.first != "unset"
+ && header_pair.first != "add"
+ && header_pair.first != "replace" ) {
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
+ "Invalid http_response_header parameter value.");
+ throw -1;
+ }
+LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, "read: mode(%s) value(%s)", header_pair.first.c_str(), header_pair.second.c_str());
+ ::http_response_header.push_back(header_pair);
+ ::server_packet_edit = true;
+ it++;
}
- } else {
- x_forwarded_for_mode = DEFAULT_X_FORWARDED_FOR_MODE;
}
} catch (int e) {
/*-------- DEBUG LOG --------*/
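Review bot: The two un-indented `LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, "read: mode(%s) value(%s)", ...)` calls in the request and response loops look like leftover trace output. They fire at error level for every valid header rule and reuse id 20, which this hunk also uses for "Invalid ... parameter value", so a clean start-up fills the error log and a real configuration failure becomes harder to spot or alert on. I would either drop them or emit them with `LOGGER_PUT_LOG_DEBUG` behind the existing `LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)` guard. Separately, `int delimiter_pos = it->second.find(':')` narrows a `size_t` before comparing it with `std::string::npos`; `std::string::size_type delimiter_pos` avoids relying on that conversion. Only the mode keyword is validated here, so a rule with too few fields (for example `replace` without a replacement value) is presumably not noticed until a packet is edited; getParameters starts and ends outside this hunk.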
#include "sslproxyserver.h"
#include "sslproxysession.h"
+#include "packet_editor.h"
#include "http_message.h"
#include "http_request.h"
#include "http_response.h"
* @param[in] socket client SSL socket
* @return endpoint string
*/
-std::string sslproxy_session::get_remote_endpoint(ssl_socket& socket)
+std::string sslproxy_session::get_remote_endpoint() const
{
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {
try {
try {
- endpoint = socket.lowest_layer().remote_endpoint();
+ endpoint = client_socket.lowest_layer().remote_endpoint();
/*-------- DEBUG LOG --------*/
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {
LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 7,
if (conn_log_flag == "on") {
LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_CONNECTION, 1,
"Connect from [%s] to [%s]. %s",
- get_remote_endpoint(client_socket).c_str(),
+ get_remote_endpoint().c_str(),
target_endpoint.c_str(), target_id.c_str());
}
// Check client read result.
if (!error) {
// Edit client message if necessary.
- if (edit_client_msg)
+ if (::client_packet_edit)
edit_client_message(bytes_transferred);
// Start async write server.
s_w_event = true;
try {
// Check server read result.
if (!error) {
+ // Edit client message if necessary.
+ if (::server_packet_edit)
+ edit_server_message(bytes_transferred);
// Start async write client.
c_w_event = true;
pthread_mutex_lock(&client_socket_mutex);
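Review bot: The new server-side edit copies the rewritten message back into `server_buffer` with no size limit visible: `packet_editor::edit_server` ends with `server_length = edited.size(); memcpy(server_msg, edited.c_str(), server_length);`, whereas the client path this commit removes only copied when `new_client_buffer.length() <= MAX_BUFFER_SIZE`. A `set` or `add` rule makes the message longer than what was read, so unless a check sits earlier in `edit_server` (not visible here), a read that nearly fills the buffer can be written past its end. I would keep the old guard before the copy, e.g. `if (edited.size() > MAX_BUFFER_SIZE) return;` ahead of the `server_length` assignment, assuming `server_buffer` has that capacity, and apply the same check in `edit_client`. The comment added above the call should read `// Edit server message if necessary.` rather than "client". The enclosing read handler starts and ends outside this hunk.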
*/
void sslproxy_session::edit_client_message(size_t& bytes_transferred)
{
- if (x_forwarded_for_mode != NONE_X_FORWARDED_FOR ||
- custom_field != "") {
-
- try {
- // Parse HTTP request
- http_request request(std::string(client_buffer, bytes_transferred));
- field_range headers;
- field_map_iterator begin, end;
- std::string xf;
-
- // Edit X_FORWARDED_FOR header field.
- switch (x_forwarded_for_mode) {
- case NONE_X_FORWARDED_FOR:
- break;
- case ADD_X_FORWARDED_FOR:
- headers = request.header("X-Forwarded-For");
- begin = headers.first;
- end = headers.second;
- if (begin != end) {
- while (begin != end) {
- // Already exist header
- request.header("X-Forwarded-For", begin->second + ", " + get_remote_endpoint(client_socket));
- begin++;
- }
- }
- else {
- request.header("X-Forwarded-For", get_remote_endpoint(client_socket));
- }
- break;
- case SET_X_FORWARDED_FOR:
- request.header("X-Forwarded-For", get_remote_endpoint(client_socket));
- break;
- case DELETE_X_FORWARDED_FOR:
- request.header("X-Forwarded-For", "");
- break;
- }
-
- // Edit X_FORWARDED_FOR header field.
- if (custom_field != "") {
- }
+ packet_editor editor(this);
+ editor.edit_client(client_buffer, bytes_transferred);
+}
- std::string new_client_buffer = request.as_string();
- if (new_client_buffer.length() <= MAX_BUFFER_SIZE) {
- memcpy(client_buffer, new_client_buffer.c_str(), new_client_buffer.length());
- bytes_transferred = new_client_buffer.length();
- }
- }
- catch (...) {
- // XXX http request parse error
- }
- }
+/*!
+ * Edit server message function.
+ * Add, delete or change server message.
+ *
+ * @param[in,out] bytes_transferred transferred data size before,after edit
+ */
+void sslproxy_session::edit_server_message(size_t& bytes_transferred)
+{
+ packet_editor editor(this);
+ editor.edit_server(server_buffer, bytes_transferred);
}