opm: add support for HTTPS CONNECT proxies.
TBD: do we need an SSL listener for these?
parent
2d89c9ffc1
commit
eb0814b3cb
4 changed files with 46 additions and 6 deletions
|
@ -33,6 +33,7 @@ typedef enum protocol_t
|
||||||
PROTO_SOCKS4,
|
PROTO_SOCKS4,
|
||||||
PROTO_SOCKS5,
|
PROTO_SOCKS5,
|
||||||
PROTO_HTTP_CONNECT,
|
PROTO_HTTP_CONNECT,
|
||||||
|
PROTO_HTTPS_CONNECT,
|
||||||
} protocol_t;
|
} protocol_t;
|
||||||
|
|
||||||
struct opm_lookup
|
struct opm_lookup
|
||||||
|
@ -45,6 +46,7 @@ struct opm_proxy
|
||||||
char note[16];
|
char note[16];
|
||||||
protocol_t proto;
|
protocol_t proto;
|
||||||
uint16_t port;
|
uint16_t port;
|
||||||
|
bool ssl;
|
||||||
|
|
||||||
rb_dlink_node node;
|
rb_dlink_node node;
|
||||||
};
|
};
|
||||||
|
@ -97,6 +99,8 @@ get_protocol_from_string(const char *str)
|
||||||
return PROTO_SOCKS5;
|
return PROTO_SOCKS5;
|
||||||
else if(strcasecmp(str, "httpconnect") == 0)
|
else if(strcasecmp(str, "httpconnect") == 0)
|
||||||
return PROTO_HTTP_CONNECT;
|
return PROTO_HTTP_CONNECT;
|
||||||
|
else if(strcasecmp(str, "httpsconnect") == 0)
|
||||||
|
return PROTO_HTTPS_CONNECT;
|
||||||
else
|
else
|
||||||
return PROTO_NONE;
|
return PROTO_NONE;
|
||||||
}
|
}
|
||||||
|
@ -426,6 +430,7 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
|
||||||
{
|
{
|
||||||
case PROTO_SOCKS4:
|
case PROTO_SOCKS4:
|
||||||
#ifdef RB_IPV6
|
#ifdef RB_IPV6
|
||||||
|
/* SOCKS4 is IPv4 only */
|
||||||
if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
|
if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
|
||||||
{
|
{
|
||||||
rb_free(scan);
|
rb_free(scan);
|
||||||
|
@ -438,6 +443,7 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
|
||||||
callback = socks5_connected;
|
callback = socks5_connected;
|
||||||
break;
|
break;
|
||||||
case PROTO_HTTP_CONNECT:
|
case PROTO_HTTP_CONNECT:
|
||||||
|
case PROTO_HTTPS_CONNECT:
|
||||||
callback = http_connect_connected;
|
callback = http_connect_connected;
|
||||||
default:
|
default:
|
||||||
return;
|
return;
|
||||||
|
@ -469,11 +475,19 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
|
||||||
SET_SS_PORT(&c_a, htons(proxy->port));
|
SET_SS_PORT(&c_a, htons(proxy->port));
|
||||||
|
|
||||||
rb_dlinkAdd(scan, &scan->node, &lookup->scans);
|
rb_dlinkAdd(scan, &scan->node, &lookup->scans);
|
||||||
rb_connect_tcp(scan->F,
|
|
||||||
(struct sockaddr *)&c_a,
|
if(!proxy->ssl)
|
||||||
(struct sockaddr *)&l_a,
|
rb_connect_tcp(scan->F,
|
||||||
GET_SS_LEN(&l_a),
|
(struct sockaddr *)&c_a,
|
||||||
callback, scan, opm_timeout);
|
(struct sockaddr *)&l_a,
|
||||||
|
GET_SS_LEN(&l_a),
|
||||||
|
callback, scan, opm_timeout);
|
||||||
|
else
|
||||||
|
rb_connect_tcp_ssl(scan->F,
|
||||||
|
(struct sockaddr *)&c_a,
|
||||||
|
(struct sockaddr *)&l_a,
|
||||||
|
GET_SS_LEN(&l_a),
|
||||||
|
callback, scan, opm_timeout);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
|
@ -754,12 +768,19 @@ create_opm_scanner(const char *key __unused, int parc __unused, const char **par
|
||||||
{
|
{
|
||||||
case PROTO_SOCKS4:
|
case PROTO_SOCKS4:
|
||||||
snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port);
|
snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port);
|
||||||
|
proxy->ssl = false;
|
||||||
break;
|
break;
|
||||||
case PROTO_SOCKS5:
|
case PROTO_SOCKS5:
|
||||||
snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port);
|
snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port);
|
||||||
|
proxy->ssl = false;
|
||||||
break;
|
break;
|
||||||
case PROTO_HTTP_CONNECT:
|
case PROTO_HTTP_CONNECT:
|
||||||
snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port);
|
snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port);
|
||||||
|
proxy->ssl = false;
|
||||||
|
break;
|
||||||
|
case PROTO_HTTPS_CONNECT:
|
||||||
|
snprintf(proxy->note, sizeof(proxy->note), "httpsconnect:%hu", proxy->port);
|
||||||
|
proxy->ssl = true;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port);
|
warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port);
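Review bot: In establish_connection, the shared `case PROTO_HTTP_CONNECT:` / `case PROTO_HTTPS_CONNECT:` arm sets `callback = http_connect_connected;` and then falls straight into `default: return;`, because the visible context has no `break;` between them, so neither scan type reaches the `rb_connect_tcp` / `rb_connect_tcp_ssl` calls added further down. Add `break;` after the callback assignment; the omission predates this commit, but the new label inherits it, and the proxy check is skipped with nothing logged in the visible lines. That early `return` also appears to skip the `rb_free(scan)` that the SOCKS4 IPv6 path performs, so it probably leaks the scan; confirm against the parts of the function outside these hunks. Separately, `char note[16]` in struct opm_proxy cannot hold `"httpsconnect:%hu"`: the default ports 443 and 4443 both truncate to `httpsconnect:44`, so the buffer needs at least 19 bytes for the two notes to stay distinguishable.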
|
||||||
|
|
|
@ -489,6 +489,12 @@ opm {
|
||||||
* below.
|
* below.
|
||||||
*/
|
*/
|
||||||
httpconnect_ports = 80, 8080, 8000;
|
httpconnect_ports = 80, 8080, 8000;
|
||||||
|
|
||||||
|
/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
|
||||||
|
* They may overlap with other scan types. Sensible defaults are given
|
||||||
|
* below.
|
||||||
|
*/
|
||||||
|
httpsconnect_ports = 443, 4443;
|
||||||
};
|
};
|
||||||
|
|
||||||
alias "NickServ" {
|
alias "NickServ" {
|
||||||
|
|
|
@ -960,11 +960,17 @@ opm {
|
||||||
*/
|
*/
|
||||||
socks5_ports = 80, 443, 1080, 8000, 8080, 10800;
|
socks5_ports = 80, 443, 1080, 8000, 8080, 10800;
|
||||||
|
|
||||||
/* These are the ports to scan for HTTP connect proxies on (plaintext).
|
/* These are the ports to scan for HTTP CONNECT proxies on (plaintext).
|
||||||
* They may overlap with other scan types. Sensible defaults are given
|
* They may overlap with other scan types. Sensible defaults are given
|
||||||
* below.
|
* below.
|
||||||
*/
|
*/
|
||||||
httpconnect_ports = 80, 8080, 8000;
|
httpconnect_ports = 80, 8080, 8000;
|
||||||
|
|
||||||
|
/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
|
||||||
|
* They may overlap with other scan types. Sensible defaults are given
|
||||||
|
* below.
|
||||||
|
*/
|
||||||
|
httpsconnect_ports = 443, 4443;
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -2314,6 +2314,12 @@ conf_set_opm_scan_ports_httpconnect(void *data)
|
||||||
conf_set_opm_scan_ports_all(data, "opm::httpconnect_ports", "httpconnect");
|
conf_set_opm_scan_ports_all(data, "opm::httpconnect_ports", "httpconnect");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
conf_set_opm_scan_ports_httpsconnect(void *data)
|
||||||
|
{
|
||||||
|
conf_set_opm_scan_ports_all(data, "opm::httpsconnect_ports", "httpsconnect");
|
||||||
|
}
|
||||||
|
|
||||||
/* public functions */
|
/* public functions */
|
||||||
|
|
||||||
|
|
||||||
|
@ -2854,4 +2860,5 @@ newconf_init()
|
||||||
add_conf_item("opm", "socks4_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks4);
|
add_conf_item("opm", "socks4_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks4);
|
||||||
add_conf_item("opm", "socks5_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks5);
|
add_conf_item("opm", "socks5_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks5);
|
||||||
add_conf_item("opm", "httpconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpconnect);
|
add_conf_item("opm", "httpconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpconnect);
|
||||||
|
add_conf_item("opm", "httpsconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpsconnect);
|
||||||
}
|
}
|
||||||
|
|