2001-01-15 Robert James Kaes * src/reqs.c (process_method): A potential stack overflow bug fixed. Though, I do not actually think a stack overflow could have occurred in this case. Better safe than sorry. * src/stats.c (showstats): Another potential heap overflow bug fixed. * src/utils.c (httperr): A heap overflow bug fixed. 2000-12-07 Robert James Kaes * src/thread.c (thread_main_loop): Removed all the weird timing code which was used to monitor the number of threads in use. * src/tinyproxy.c (main): The thread count is now checked once a second, and can be killed properly. 2000-10-23 Robert James Kaes * src/dnscache.c (new_dnscache): Creates a new DNS tree. Called before any other DNS requests. * src/dnscache.c (dnscache): Removed the garbage collection routine since I haven't figured out how to delete the tree without causing a SEGFAULT. Ugh. * src/anonymous.c (new_anonymous): Create a new Anonymous tree. * src/tinyproxy.c (main): Initialize the DNS and Anonymous subsytems. 2000-09-25 Robert James Kaes * src/dnscache.c (dns_insert): If the insert fails, delete the allocated memory. No more memory leak. * src/ternary.c (ternary_insert): Return an error if the key is already in the tree. 2000-09-21 Robert James Kaes * src/log.c: Added the LOG_NOTICE level for more important than LOG_INFO messages. 2000-09-14 Robert James Kaes * configure.in: * src/tinyproxy.h: Check for the header. 2000-08-23 Robert James Kaes * src/utils.c (pidfile_create): Improved the security of this function. Prevents cracker abuse of the pid file creation. * sec/ternary.c: Overhauled to improve the robustness of the code. Prevents people from effecting the internal system from outside the official API. I think this is a good example of how all the functions should be coded. It is a little more complex, but it handles "problems" much better. 2000-08-21 Robert James Kaes * src/utils.c (strlcat) * src/utils.c (strlcpy): Added these two functions which take their API from the OpenBSD versions. Replaces strncpy/strncat. 2000-08-17 Robert James Kaes * src/ternary.c: Added a ternary tree module to replace the uses of hashes in the source. There _were_ two different hash methods before, which have been replaced with this general purpose module. 2000-08-12 Robert James Kaes * src/log.c (log): Removed the static variables by changing them to automatic. 2000-08-03 Robert James Kaes * doc/tinyproxy.8: Updated the manual documentation to match what tinyproxy actually does. :) * src/grammar.y: Finished handling the various config keywords. 2000-08-02 Robert James Kaes * src/tinyproxy.c (main): Fixed the change user/group ability. 2000-07-31 Robert James Kaes * src/reqs.c (process_method): Trying to change to a 1.1 compliant browser. So, the Host header is set and sent. Also, tinyproxy doesn't handle persistent connections, so tinyproxy needs to send the Connection: close header. 2000-07-30 Robert James Kaes * src/thread.c (thread_main_loop): Added in the controls for handling the creating and destruction of threads based on their numbers. This is used for load control. Adjust MaxSpareServers, MinSpareServers, and MaxClients. 2000-07-29 Robert James Kaes * src/acl.c: Added the ACL control system. This is much more advanced then the simple one IP address test. Read doc/tinyproxy.conf for more information. 2000-07-22 Robert James Kaes * src/log.h: Paired down the logging levels and provided a description for each level. Please try to be consistent with these. Also, added the two DEBUG?() function macros for use with debugging. * src/thread.c (thread_pool_create): Make sure we don't try to start more than MaxClients servers. * src/tinyproxy.c (main): Log when tinyproxy is using default values rather than specified ones. * src/reqs.c (relay_connection): Fixed a few difftime() problems where the two arguments were being reversed. (relay_connection): Added logging to handle if an Idle Timeout occured on a connection. 2000-07-19 Robert James Kaes * src/tinyproxy.c (main): Cleaned up the command line arguments since we now have a configuration file. See grammar.y and scanner.l for more information. (versiondisp): Moved the version information out of usagedisp(). 2000-07-11 Robert James Kaes * src/utils.c (pidfile_create): Moved from tinyproxy.c * src/thread.c: Moved all the thread creation code into a seperate file. 2000-07-10 Robert James Kaes * src/tinyproxy.c (pidfile_create): All the process to write it's PID to the specified file. (thread_main, thread_make): Instread of creating a new thread on each connection, we now have a pool of threads. Right now the pool is hard coded, but I'd like to have a system similar to Apache where the pool can change as demand changes. * src/sock.c (getpeer_string): Needed to add locking around the call to gethostbyname(). Could use gethostbyname_r() but I can't find a consistent definition for the function. 2000-07-03 Robert James Kaes * src/reqs.c (safe_write): Added safe_write so that EINTR errors would be handled correctly when trying to write on a blocking socket. Non blocking is already handled in the writebuff function. (safe_read): Matched pair for safe_write(). Same reason. (pull_client_data): Removed the malloc of the length, and switched to a fixed buffer. This prevents a DoS where the client specifies a HUGE buffer and exhausted memory. 2000-07-01 Robert James Kaes * src/reqs.c: Added the ability for sheding connections due to high system load. * src/buffer.c (readbuff): Now you can not have a buffer larger than MAXBUFFSIZE. The read() function will attempt to read in MAXBUFFSIZE - buffer_size(). * src/tinyproxy.h (MAXBUFFSIZE): This is the main control for all the buffers in tinyproxy. Currently it is set to 48K since that is nicely divisable by 2 and 3. The key is by 3 since this give you 16K which is more than enough for a header line. * src/stats.c: New file to handle the statistic functions. Needed since with multiple threads, there has to be some locking around any changes to the values. Moved the showstats() function here from utils.c since logically it should be with the other stats routines. * src/tinyproxy.c (main): Removed the USR1 signal since LinuxThreads on a libc5 system needs the USR1 and USR2 for internal processing. This means the USR1 signal dump stats is removed. * src/reqs.c (handle_connection): Log incoming connections here so that the information is logged even if we are doing an upstream relay. * src/tinyproxy.h: Moved all the common header files here to help remove the clutter from all the other source files. Removed the references to client_header and server_header from struct conn_s since they are no longer used. * src/reqs.c (validuser): Had the test for a valid user in reverse. Fixed. * src/tinyproxy.c (main): Moved the getreqs() function back into the main function. 2000-06-30 Robert James Kaes * src/dnscache.c (dnscache): Added back the garbage collection phase of the DNS caching system. Also, cleaned up the source so only dnscache() is exposed to the rest of the system. * src/buffer.c: Moved the structure definitions into src/buffer.c from src/buffer.h. Removed *_buffer() functions. Made buffer_size() a function so the structure definition does not need to be included in the header. Removed the references to working_string and working_length in struct buffer_s since it is no longer needed. * configure.in: Added the checks for various "standard" data types. Cleaned up the source, and fixed a problem with SOCKs support. * acinclude.m4: Added the AC_UNP_CHECK_TYPE macro from Unix Network Programming, W. Richard Stevens. * src/reqs.c (handle_connection): Added the UPSTREAM_PROXY code back into tinyproxy. It uses GOTOs, but it doesn't create spaghetti code, at least it better not! :) * src/utils.h: * src/utils.c: Removed the xmalloc and xstrdup functions since they really did not add anything to the standard malloc and strdup functions. * (all) Went through and removed all the references to xmalloc and xstrdup. Still need to add the error checking to all these calls though. 2000-06-29 Robert James Kaes * src/sock.c (opensock): Added mutex locking around the call to dnscache since I don't want more than one thread to be adding to the linked list. * configure.in: moved the tests for USE_PROC, UPTIME_PATH, DEFAULT_CUTOFFLOAD, DEFAULT_STATHOST from src/config.h * src/tinyproxy.c: Moved the LOAD_RECALCTIMER define from src/config.h * src/reqs.c (handle_method, process_server_headers, handle_connection): Handle simple and HTTP/0.9 requests properly. * src/buffer.h: Changed the default MAXBUFFSIZE to 24 KB. 2000-06-28 Robert James Kaes * src/sock.c (listen_sock): This replaces the init_listen_sock function and removed the global sockaddr and setup_fd variables. * src/tinyproxy.c (getreqs): Not at all like the old function by the same name. This just blocks on accept for new connections and then creates a new thread for each connection. * src/tinyproxy.h: Moved the struct conn_s into this header so we can completely remove the src/conns.h and src/conns.c files as they are no longer needed. * src/reqs.c (process_server_headers): Handle server headers separately from relay_connection since we'll need to be able to read them in the future if we want to support caching. (process_client_headers): Check for the Content-Length header. If it is present then we need to read in all the client's data before we can process any server headers or send back an error message. (pull_client_header): Read in Content-Length number of bytes from the client. 2000-06-27 Robert James Kaes * src/sock.c (socket_blocking, socket_nonblocking): Added the functions since we need to selectively change a socket's state as the program runs. (opensock): Removed the call for making the socket nonblocking since it should only be switched into nonblocking when it's absolutely needed. * src/buffer.c (readbuff, writebuff): Added tests at the beginning of the functions to return if the limits on the buffer size have been exceeded. Maybe this should be an assert instead, since these functions should not be called with exceeded limits. * src/config.h: Moved this to ./config.h instead. Updated the source to reflect this change. * src/log.c: Added logging levels which are duplicates of the syslog levels. Helps to make the logfile a little easier to parse. This also means all the calls to log(...) needed to be changed to log(level, ...) 2000-06-26 Robert James Kaes * src/sock.c (readline): Completely gutted the function and replaced it with a simpler function which is very similar to the original function back in version 1.0. :) We can reuse this function again since the sockets are now blocking again. 2000-06-22 Robert James Kaes * src/reqs.c: A _MASSIVE_ rewrite of the whole connection process. The old state machine is now gone. Each new connection is now a separate thread. This allows the sockets to be blocking most of the time, which made the rest of the functions a lot easier to code. Some functions have been renamed and a bunch are new. The changes are really too numerous to list, but the main idea is that there is a separate function to handle each part of a connection and the non-blocking code is only needed in the relay_connection function. Take a look at the code, it's a lot easier to understand now. 2000-06-21 Robert James Kaes * src/dnscache.h: * src/dnscache.c: Renamed the functions lookup and insert to dns_lookup and dns_insert. (dns_lookup): Cleaned up the code to make it more streamlined. 2000-06-06 Robert James Kaes * fixed the links in doc/tinyproxy.8 for locating tinyproxy to point to the new location at SourceForge.net. Thanks to Simon Baker for pointing this out. 2000-04-26 Robert James Kaes * src/uri.c: Added the #include for compatibility with FreeBSD. * src/dnscache.c: Moved the #include above the #include reference for compatibility with FreeBSD. 2000-03-31 Robert James Kaes * src/reqs.c (clientreq): Removed the hack for POST methods with regard to anonymous access. (clientreq): fixed a bug with the request line. If the PATH was empty, it would send an malformed request to the server. This is checked now and if the path is empty, a "/" is used instread. * src/config.h (SOCK_TIMEOUT): Increased the time out to 10 seconds. * src/buffer.c (new_buffer): Additional initialization code for new elements of the buffer_s structure. (delete_buffer): Code to delete the working_* fields. * src/buffer.h: Added the working_string and working_length method for use as a scratch pad in the readline function. * src/sock.c (readline): A major rewrite of this routine. Lines of text are now built incrementally with a new scratch pad built into the buffer. 2000-03-30 Robert James Kaes * src/Makefile.am (tinyproxy_SOURCES): include the line for the anonymous.* files. * src/tinyproxy.h: removed all references to struct allowed_hdrs. * src/tinyproxy.c (main): removed all the old anonymous code, and added a test for the anonymous code so the Content-Type and Content-Length headers are allowed to pass through if the anonymous mode is turned on. This is needed for POSTs to work. * src/reqs.c (anonheader): removed all the code which used the old method of anonymous headers and replaced it using the new API. * src/anonymous.h: * src/anonymous.c: Moved the anonymous header code into it's own sections with a well defined API. Internally it uses a Ternary Search Tree. 2000-03-29 Robert James Kaes * src/dnscache.c: added the header. * src/reqs.c (clientreq): fixed a problem with the anonymous headers. There was a test for the POST line since we have to send all headers at the moment to handle that (actually, that might not be true anymore...), but the test was incorrect and would send all the headers through on all requests. Fixed the test and now only the selected headers are sent. 2000-03-28 Robert James Kaes * src/reqs.c (clientreq): Fixed a bug which would cause a SEGV if the scheme was NULL. The cause was the error logging code to report an invalid scheme. Fixed another bug with the uri->authority. If a request in the form of http:\\www.somewhere.com/ was entered, tinyproxy would SEGV. 2000-03-12 Robert James Kaes * src/tinyproxy.c: include the upstream command line option. Also, re-organized the help to have the options in be in alphabetical order. * src/reqs.c: include the code for handling the upstream proxy. * src/dnscache.c: removed an assert from lookup so that it can be used as method to simply verify if a domain name is already in the cache. * src/config.h: removed the defines dealing with DEFAULT_* and UPSTREAM declarations. * doc/tinyproxy.8: expanded the manual to include all the command line options. Also, organized the options in alphabetical order. * acconfig.h: fixed the defines for DEFAULT_LOG, DEFAULT_PORT, and DEFAULT_USER to have real default values. * configure.in: include support for upstream proxies with the --enable-upstream option. Also, fixed the AC_MSG_CHECKING functions to include better wording. 1.3.2 2000/02/15 - Fixed null requests bug. - Fixed fd leak bug. - Fixed connptr bug. - Updated docs. 1.3.1 1999/12/21 - made the dns cache hashing algorithm case-insensitive. - fixed a bug in log() that would cause it to dump garbage to the log file when in unrestricted mode. - this is an interim release to fix the above log() bug. 1.3.0 1999/12/01 - autoconf enabled the source tree and moved some of the documentation files into the proper locations. Also, added any files which were needed to conform with the GNU autoconf directory structure. - Changed the debugging code to use asserts(). I don't know if I'm completely happy with this. One the one hand it shrinks the size of the executable, but on the other, it doesn't handle weird situations in production code. It's still a toss up. - Did a major reorganization of the source tree. The biggest change is moving a lot of code from reqs.c into more appropriate files. - ANON mode is now always compiled in (since it doesn't take up that much space) and is enabled from the command line. - Changed the states a connection can be in, and also merged both sockets (server/client) into one structure. Makes the code a lot cleaner. - Added a DNS caching mechanism. What happens it that a hash of previously looked up names is maintained, so additional host names will not need to be fetched from the DNS server again. Helps on most web pages, which have a lot of images from the same server. - Removed the global error variable (tinyerr) by making the functions more consistent with what they return for an error. - Removed the global.* files and merged them back into the tinyproxy.* source. - Added bug fixes in reqs.c to handle bad servers, which do not follow the basic RFC protocol (i.e. using just a LF instead of a CRLF). - Most of reqs.c has been changed to use the readline function. Also, it has been organized around the new connection states and connection structure. - xstrstr can now be both case sensitive or insensitive. Also, added a check to make sure the haystack is longer than the needle. 1.2.10 1999/08/20 - Found a memory free bug in the buffer code, and also, a bug in allocating memory for the buffer. Both could be fatal. One leaked memory, and the other could allow all memory to be exhausted. Both are now fixed. - Reorganized some of the code. Moved global variables into the proper files. Should help to eliminate them altogether someday. - Shaun Johnson fixed a problem with compiling with syslog enabled on a SunOS box. 1.2.9 1999/08/17 - Changed the writebuff to more explicitly be designed to write from the other connection's buffer. A connection reads into it's own buffer, but write's the other connection's buffer. - You can now specify a particular IP address to listen on. By default, tinyproxy listens on all IP addresses. 1.2.8.1 1999/08/13 (Internal release) - Improved the portability by removing the daemon call and removing the calls to index(). - added the buffer.* source into the CVS tree. 1.2.8 1999/08/06 - Better logging of incoming connections. Now both the IP address and the requested URL are logged. - You can now specify that only a certain subnet is allowed to access tinyproxy. Currently it only supports one subnet with matching against a string with the IP address. - a bunch of just general code clean up. Mostly stylistic stuff. 1.2.7 1999/07/28 - Incoming connections are now logged to the log file/syslog - An "XTinyproxy" header can now sent with each request which includes the IP address of the client. - Fixed some of the size of the members in the structures. - Fixed an argument problem in listen_sock which was using the size of the wrong variable. 1.2.6 1999/06/05 - Added the ability to send the HTTP requests to a proxy server running on a different machine (or even the same machine if you like) - Fixed a bug in the clientreq() routine which would choke on requests in the form of GET http://www.url.com HTTP/1.0 (thanks to Bruno Viaris for pointing out the bug and providing the initial fix.) 1.2.5 1999/05/21 - Now maintained by Robert James Kaes (rjkaes@flarenet.com) - Non-blocking sockets - Cleaned up the style, and code. Compiles cleanly with -Wall - Logs to syslogd with -S command line argument - Rewrote the clientreq routine to remove tonnes of code - Removed unused routines (rstrtolower, xstrndup, readline, etc.) - Moved the user configurable options into config.h 1.1 1998/09/15 - Load average monitoring added - Remote proxy monitoring added - Added -u (change user). 1.0d - ANON mode now supports -a to let user-specified headers through - various bug fixes in readline() 1.0c - Support for ANON mode 1.0b - Cleaned up exit codes (now uses sysexits.h) - Uses daemon() from -lbsf instead of daemonize() - Now supports ports other than 80 1.0a - Created by Steven Young (sdyoung@well.com)