diff -urN ijb20.org/Makefile ijb20/Makefile --- ijb20.org/Makefile Fri Mar 30 01:06:16 2001 +++ ijb20/Makefile Fri Mar 30 01:05:49 2001 @@ -3,20 +3,27 @@ # comment out the next line if you do NOT want to use regular expressions REGEX = -DREGEX -DEFAULT_CFLAGS = -I. $(REGEX) -DSTDC_HEADERS -DHAVE_STRING +# set include and library paths for the zlib compression library +# +ZLIB_INC_FLAGS=-I../zlib +ZLIB_LIB_FLAGS=-L ../zlib + +DEFAULT_CFLAGS = -I. $(ZLIB_INC_FLAGS) $(REGEX) -DSTDC_HEADERS -DHAVE_STRING PROG = junkbuster O = o RM = rm -f CC = gcc MORE_CFLAGS = -O3 -D_DISTNAME="$(DISTNAME)" -D_DISTURL="$(DISTURL)" +LD = $(CC) $(CFLAGS) $(ZLIB_LIB) +LDFLAGS = -lz # use this for Solaris 2.x -#LDFLAGS = -lnsl -lsocket +#LDFLAGS = -lnsl -lsocket -lz # use these for SunOS 4.x -#LDFLAGS = -nsl #MORE_CFLAGS = -g -DNOSTRERROR +#LDFLAGS = -nsl -lz # use this for HPUX 10.01 # you may get pointer assignment warnings @@ -25,7 +32,7 @@ # use these with OS/2 EMX (tested with EMX 0.9c) #CC = gcc #MOREFLAGS = -DOS2 -#LDFLAGS = -lsocket -Zexe -s +#LDFLAGS = -lsocket -Zexe -s zlib.lib #RM = del #PROG = junkbstr # uncomment if you don't use HPFS @@ -35,7 +42,7 @@ # use these for mingw32 #PROG = junkbstr.exe #MORE_CFLAGS = -DWin32_Winsock -O3 -#LDFLAGS = -lwsock32 +#LDFLAGS = -lwsock32 -lz # use these for Win32 #PROG = junkbstr.exe @@ -63,6 +70,15 @@ #MORE_CFLAGS = -D_DISTNAME="$(DISTNAME)" -D_DISTURL="$(DISTURL)" -D_WIN32 -D_CYGWIN -DWin32_Winsock -O3 -s #LDFLAGS = -lwsock32 +# use these for LCC +#CC = lcc +#LD = lcclnk +#PROG = junkbstr.exe +#MORE_CFLAGS = -O +#O = obj +#RM = del +#LDFLAGS = wsock32.lib zlib.lib + # use these for BeOS #MORE_CFLAGS = -relax_pointers #LDFLAGS = -map junkbuster.xMAP @@ -73,10 +89,12 @@ encode.$(O) ssplit.$(O) socks4.$(O) acl.$(O) gnu_regex.$(O) win32.$(O) $(PROG): $(OBJS) - $(CC) $(CFLAGS) -o $(PROG) $(OBJS) $(LDFLAGS) + $(LD) -o $(PROG) $(ZLIB_LIB_FLAGS) $(OBJS) $(LDFLAGS) + +$(OBJS) : jcc.h clean: - $(RM) a.out core *.o *.obj + $(RM) a.out core *.$(O) clobber: clean $(RM) junkbuster junkbuster.xMAP junkbstr.exe *.pdb *.lib *.exp diff -urN ijb20.org/README ijb20/README --- ijb20.org/README Fri Oct 30 22:58:48 1998 +++ ijb20/README Fri Mar 30 01:03:05 2001 @@ -1,3 +1,20 @@ +--- NB +--- The source code in this directory is 'ijb-zlib', a MODIFIED version +--- of the Internet Junkbuster Proxy (TM) version 2.0.2 which has been +--- changed to allow automatic compression of text/html and text/plain +--- documents if the requesting client has specified Accept-Encoding: gzip +--- +--- See the enclosed file 'ijb-zlib.html' -- also available at +--- http://f2.org/products/ijb-zlib/ -- for compilation and +--- configuration notes. +--- +--- 'ijb-zlib' is covered by the same GNU General Public Licence as +--- the Internet Junkbuster Proxy (TM), which is not surprising since +--- that's where the bulk of the code originated. +--- +--- Original README file for the Internet Junkbuster Proxy (TM) follows: + + README for the Internet Junkbuster Proxy (TM) Copyright 1997-8 Junkbusters Corp. $Id: README,v 1.17 1998/10/29 22:07:42 acjc Exp $ diff -urN ijb20.org/acl.c ijb20/acl.c --- ijb20.org/acl.c Fri Oct 30 22:58:48 1998 +++ ijb20/acl.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *acl_rcs = "$Id: acl.c,v 1.8 1998/01/26 18:52:17 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. @@ -12,7 +16,7 @@ #include #ifdef _WIN32 -#include "windows.h" +#include "win32.h" #else #include #endif @@ -228,7 +232,7 @@ fclose(fp); if(current_aclfile) { - current_aclfile->unloader = unload_aclfile; + current_aclfile->unloader = (void (*)(void *)) unload_aclfile; } current_aclfile = fs; diff -urN ijb20.org/bind.c ijb20/bind.c --- ijb20.org/bind.c Fri Oct 30 22:58:48 1998 +++ ijb20/bind.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *bind_rcs = "$Id: bind.c,v 2.9 1998/10/22 15:30:16 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. @@ -15,7 +19,7 @@ #ifdef _WIN32 #include -#include +#include "win32.h" #else @@ -32,7 +36,11 @@ #endif -extern int atoip(); +#ifdef REGEX +#include +#endif + +#include "jcc.h" /* For atoip() */ long remote_ip_long; char *remote_ip_str; @@ -100,8 +108,7 @@ * when a connection is accepted, it returns the file descriptor * for the connected port */ -int accept_connection (fd) -int fd; +int accept_connection (int fd) { struct sockaddr raddr; struct sockaddr_in *rap = (struct sockaddr_in *) &raddr; diff -urN ijb20.org/conn.c ijb20/conn.c --- ijb20.org/conn.c Fri Oct 30 22:58:48 1998 +++ ijb20/conn.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *conn_rcs = "$Id: conn.c,v 2.16 1998/10/27 02:14:07 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. @@ -13,7 +17,7 @@ #ifdef _WIN32 -#include +#include "win32.h" #include #include diff -urN ijb20.org/encode.c ijb20/encode.c --- ijb20.org/encode.c Fri Oct 30 22:58:48 1998 +++ ijb20/encode.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *encode_rcs = "$Id: encode.c,v 2.8 1998/10/23 02:13:27 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. diff -urN ijb20.org/filters.c ijb20/filters.c --- ijb20.org/filters.c Fri Mar 30 00:46:31 2001 +++ ijb20/filters.c Fri Mar 30 01:03:05 2001 @@ -3,6 +3,9 @@ * Distributed under the GNU General Public License; see the README file. * This code comes with NO WARRANTY. http://www.junkbusters.com/ht/en/gpl.html */ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ #include #include diff -urN ijb20.org/gnu_regex.c ijb20/gnu_regex.c --- ijb20.org/gnu_regex.c Fri Oct 30 22:58:48 1998 +++ ijb20/gnu_regex.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *gnu_regex_rcs = "$Id: gnu_regex.c,v 1.5 1997/09/08 21:09:34 ACJC Exp $"; #ifdef REGEX diff -urN ijb20.org/gnu_regex.h ijb20/gnu_regex.h --- ijb20.org/gnu_regex.h Fri Oct 30 22:58:48 1998 +++ ijb20/gnu_regex.h Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + /* Definitions for data structures and routines for the regular expression library, version 0.12. diff -urN ijb20.org/jcc.c ijb20/jcc.c --- ijb20.org/jcc.c Fri Mar 30 00:46:31 2001 +++ ijb20/jcc.c Fri Mar 30 01:03:05 2001 @@ -16,7 +16,7 @@ #ifdef _WIN32 #include -#include +#include "win32.h" #include #include @@ -43,9 +43,12 @@ #endif #include "jcc.h" +#include "zutil.h" char *prog; +#define SOCKET_BUF_SIZE 5120 + #define BODY "\n" char CFAIL[] = "HTTP/1.0 503 Connect failed\n" @@ -121,10 +124,6 @@ int hideConsole = 0; int tinygif = 0; -#ifdef _WIN32 -#define sleep(N) Sleep(((N) * 1000)) -#endif - char *logfile = NULL; FILE *logfp; @@ -145,6 +144,7 @@ int suppress_vanilla_wafer = 0; int add_forwarded = 0; +int auto_compress = 0; struct client_state clients[1]; struct file_list files[1]; @@ -156,7 +156,7 @@ struct url_spec * trust_list[64]; -int (*loaders[NLOADERS])(); +int (*loaders[NLOADERS])(struct client_state *csp); struct gateway gateways[] = { /* type function gw type/host/port, fw host/port*/ @@ -197,6 +197,152 @@ #endif } +int write_compression_header(struct client_state *csp, char *buf, int n) { +/* csp->gz_debug_fd = open("gz_debug", O_CREAT | O_BINARY | O_TRUNC | O_WRONLY, 0666); */ + if (csp->gz_debug_fd >= 0) { + write(csp->gz_debug_fd, buf, n); + } + if (write_socket(csp->cfd, buf, n) != n) { + return -1; + } + if (csp->compressing_content) { + int level = Z_BEST_COMPRESSION; + int strategy = Z_DEFAULT_STRATEGY; + static char gzip_hdr[10] = { + 0x1f, (char) 0x8b, (char) Z_DEFLATED, 0, 0, + 0, 0, 0, 0, 0x03 }; + + csp->gz_crc = crc32(0L, Z_NULL, 0); + csp->gz_stream = &csp->gz_stream_struct; + csp->gz_stream->zalloc = (alloc_func)0; + csp->gz_stream->zfree = (free_func)0; + csp->gz_stream->opaque = (voidpf)0; + csp->gz_stream->next_in = 0; + csp->gz_stream->next_out = 0; + csp->gz_stream->avail_in = 0; + csp->gz_stream->avail_out = 0; + /* windowBits is passed < 0 to suppress zlib header */ + if (deflateInit2(csp->gz_stream, level, Z_DEFLATED, -MAX_WBITS, + DEF_MEM_LEVEL, strategy) != Z_OK) { + csp->gz_stream = 0; + return -1; + } + memcpy(csp->gz_buffer, gzip_hdr, sizeof(gzip_hdr)); + csp->gz_stream->next_out = csp->gz_buffer + sizeof(gzip_hdr); + csp->gz_stream->avail_out = csp->gz_buffer_size - sizeof(gzip_hdr); + } + return 0; +} + +int write_compression_tailer(struct client_state *csp) { + if (csp->compressing_content) { + char buf[8]; + char *dest = buf; + int n; + uLong x; + int done = 0; + int err; + + if (csp->gz_stream == 0) { + return -1; + } + for (;;) { + uInt len = csp->gz_buffer_size - csp->gz_stream->avail_out; + + if (len > 0) { + if (csp->gz_debug_fd >= 0) { + write(csp->gz_debug_fd, csp->gz_buffer, len); + } + if (write_socket(csp->cfd, csp->gz_buffer, len) != len) { + return -1; + } +/* fprintf(logfp, "wrote -- compressed %d bytes\n", len); */ + csp->gz_stream->next_out = csp->gz_buffer; + csp->gz_stream->avail_out = csp->gz_buffer_size; + } + if (done) break; + err = deflate(csp->gz_stream, Z_FINISH); + + /* Ignore the second of two consecutive flushes: */ + if (len == 0 && err == Z_BUF_ERROR) err = Z_OK; + + /* deflate has finished flushing only when it hasn't used up + * all the available space in the output buffer: + */ + done = (csp->gz_stream->avail_out != 0 || err == Z_STREAM_END); + + if (err != Z_OK && err != Z_STREAM_END) break; + } + if (err != Z_STREAM_END) { + return -1; + } + + x = csp->gz_crc; + for (n = 0; n < 4; n++) { + *dest++ = (x & 0xff); + x >>= 8; + } + x = csp->gz_stream->total_in; + for (n = 0; n < 4; n++) { + *dest++ = (x & 0xff); + x >>= 8; + } +/* fprintf(logfp, "Compression bufer - uncompressed size = %d\n", csp->gz_stream->total_in); */ + + if (csp->gz_debug_fd >= 0) { + write(csp->gz_debug_fd, buf, sizeof(buf)); + } + if (write_socket(csp->cfd, buf, sizeof(buf)) != sizeof(buf)) { + return -1; + } + } + return 0; +} + +/* Returns: 0 upon success, non-zero upon failure +*/ +int write_compression_buf(struct client_state *csp, char *buf, int n) { + if (n <= 0) { + return 0; + } +/* fprintf(logfp, "write_compression_buf -- uncompressed %d bytes\n", n); */ + if (csp->compressing_content) { + if (csp->gz_stream == 0) { + return -1; + } + csp->gz_crc = crc32(csp->gz_crc, (const Bytef *)buf, n); + csp->gz_stream->next_in = buf; + csp->gz_stream->avail_in = n; + + while (csp->gz_stream->avail_in != 0) { + + if (csp->gz_stream->avail_out == 0) { + + csp->gz_stream->next_out = csp->gz_buffer; + if (csp->gz_debug_fd >= 0) { + write(csp->gz_debug_fd, csp->gz_buffer, csp->gz_buffer_size); + } + if (write_socket(csp->cfd, csp->gz_buffer, csp->gz_buffer_size) != csp->gz_buffer_size) { + return -1; + } +/* fprintf(logfp, "wrote -- compressed %d bytes\n", csp->gz_buffer_size); */ + csp->gz_stream->avail_out = csp->gz_buffer_size; + } + if (deflate(csp->gz_stream, Z_NO_FLUSH) != Z_OK) { + return -1; + } + } + } else { + if (csp->gz_debug_fd >= 0) { + write(csp->gz_debug_fd, buf, n); + } + if (write_socket(csp->cfd, buf, n) != n) { + return -1; + } + } + return 0; +} + int read_socket(int fd, char *buf, int n) { @@ -221,16 +367,24 @@ void chat(struct client_state *csp) { - char buf[BUFSIZ], *hdr, *p, *req; + char buf[SOCKET_BUF_SIZE], *hdr, *p, *req; char *err = NULL; char *eno; fd_set rfds; int n, maxfd, server_body; + int accept_gzip = 0; /* Accept-Encoding: gzip */ + char *content_type = 0; + char *content_encoding = 0; + char *content_length = 0; struct cookie_spec *cs; struct gateway *gw; struct http_request *http; + char *iob_buf; + int iob_len; + http = csp->http; + csp->compressing_content = 0; /* read the client's request. * note that since we're not using select() @@ -342,9 +496,19 @@ if(p == NULL) break; enlist(csp->headers, p); + if (strncasecmp(p, "Accept-Encoding: ", 17) == 0 && + (strcasecmp(p + 17, "gzip") == 0 || + strncasecmp(p + 17, "gzip,", 5) == 0)) { + accept_gzip = 1; + } freez(p); } + if(DEBUG(LOG)) { + fprintf(logfp, "Client %s gzip\n", + accept_gzip ? "accepts" : "does not accept"); + } + /* filter it as required */ hdr = sed(client_patterns, add_client_headers, csp); @@ -448,9 +612,10 @@ */ n = strlen(hdr); + iob_len = flush_buffer(csp, &iob_buf); if((write_socket(csp->sfd, hdr, n) != n) - || (flush_socket(csp->sfd, csp ) < 0)) { + || (iob_len > 0 && write_socket(csp->sfd, iob_buf, iob_len) != iob_len)) { if(DEBUG(CON)) { fprintf(logfp, "%s: write header to: %s failed: ", prog, http->hostport); @@ -554,7 +719,7 @@ if(server_body || http->ssl) { /* just write */ - if(write_socket(csp->cfd, buf, n) != n) { + if(write_compression_buf(csp, buf, n) != 0) { fprintf(logfp, "%s: write to client failed: ", prog); fperror(logfp, ""); @@ -576,8 +741,19 @@ /* see following note */ break; } - enlist(csp->headers, p); - freez(p); + if (strncasecmp(p, "Content-Type: ", 14) == 0) { + freez(content_type); + content_type = p; + } else if (strncasecmp(p, "Content-Length: ", 16) == 0) { + freez(content_length); + content_length = p; + } else if (strncasecmp(p, "Content-Encoding: ", 18) == 0) { + freez(content_encoding); + content_encoding = p; + } else { + enlist(csp->headers, p); + freez(p); + } } /* NOTE: there are no "empty" headers so @@ -596,6 +772,38 @@ * filter it and send the result to the client */ + if (auto_compress && + accept_gzip && + content_encoding == 0 && + content_type != 0 && + (strncasecmp(content_type, "Content-Type: text/html", 23) == 0 + || strncasecmp(content_type, "Content-Type: text/plain", 24) == 0)) { + /* Can compress output */ + content_encoding = strdup("Content-Encoding: gzip"); + if (DEBUG(LOG) && content_length != 0) { + fprintf(logfp, "Pre-compression %s\n", content_length); + } + freez(content_length); + csp->compressing_content = 1; + } + if (content_length) { + enlist(csp->headers, content_length); + } + if (content_type) { + enlist(csp->headers, content_type); + } + if (content_encoding) { + enlist(csp->headers, content_encoding); + } + freez(content_type); + freez(content_encoding); + freez(content_length); + + if(DEBUG(LOG)) { + fprintf(logfp, "%s result\n", + csp->compressing_content ? "Compressing" : "Not compressing"); + } + hdr = sed( server_patterns, add_server_headers, @@ -608,8 +816,10 @@ * may be in the buffer) */ - if((write_socket(csp->cfd, hdr, n) != n) - || (flush_socket(csp->cfd, csp ) < 0)) { + iob_len = flush_buffer(csp, &iob_buf); + + if ((write_compression_header(csp, hdr, n) != 0) + || (write_compression_buf(csp, iob_buf, iob_len) != 0)) { if(DEBUG(CON)) { fprintf(logfp, "%s: write header to client failed: ", @@ -639,7 +849,18 @@ void serve(struct client_state *csp) { + char compress_buf[SOCKET_BUF_SIZE]; + csp->gz_buffer = compress_buf; + csp->gz_buffer_size = sizeof(compress_buf); + csp->gz_debug_fd = -1; chat(csp); + write_compression_tailer(csp); + if (csp->gz_debug_fd >= 0) { + close(csp->gz_debug_fd); + } + if (csp->gz_stream != 0) { + deflateEnd(csp->gz_stream); + } close_socket(csp->cfd); if(csp->sfd >= 0) { @@ -766,6 +987,11 @@ if(strcmp(cmd, "add-forwarded-header") == 0) { add_forwarded = 1; + continue; + } + + if(strcmp(cmd, "auto-compress") == 0) { + auto_compress = 1; continue; } diff -urN ijb20.org/jcc.h ijb20/jcc.h --- ijb20.org/jcc.h Fri Mar 30 00:46:31 2001 +++ ijb20/jcc.h Fri Mar 30 01:10:45 2001 @@ -1,8 +1,14 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. * This code comes with NO WARRANTY. http://www.junkbusters.com/ht/en/gpl.html */ +#include "zlib.h" /* For gzFile data type */ + #define GPC 0x0001 #define CON 0x0002 #define IO 0x0004 @@ -52,10 +58,17 @@ extern int suppress_blocklists; /* anw */ +typedef struct http_request *dummy_predecl1; +typedef struct client_state *dummy_predecl2; +typedef struct block_spec *dummy_predecl3; + struct gateway { /* generic attributes */ char *name; - int (*conn)(); + int (*conn)( + struct gateway *gw, + struct http_request *http, + struct client_state *csp); int type; /* domain specific attributes */ @@ -96,8 +109,6 @@ struct list *next; }; -int add_to_iob(); - #define IOB_PEEK(CSP) ((CSP->iob->cur > CSP->iob->eod) ? (CSP->iob->eod - CSP->iob->cur) : 0) #define IOB_RESET(CSP) if(CSP->iob->buf) free(CSP->iob->buf); memset(CSP->iob, '\0', sizeof(CSP->iob)); @@ -121,6 +132,14 @@ int active; + int compressing_content; + int gz_debug_fd; + z_stream *gz_stream; /* compression stream */ + z_stream gz_stream_struct; + char *gz_buffer; + int gz_buffer_size; + uLong gz_crc; /* crc32 of uncompressed data */ + /* files associated with this client */ struct file_list *alist; struct file_list *ilist; /* swa */ @@ -140,13 +159,18 @@ struct parsers { char *str; char len; - char *(*parser)(); + char *(*parser)( + struct parsers *v, + char *s, + struct client_state *csp); }; struct interceptors { char *str; char len; - char *(*interceptor)(); + char *(*interceptor)( + struct http_request *http, + struct client_state *csp); }; /* this allows the proxy to permit/block access to any host and/or path */ @@ -170,7 +194,7 @@ void *f; /* this is a pointer to the data structures * associated with the file */ - void (*unloader)(); + void (*unloader)(void *b); int active; char *proxy_args; struct file_list *next; @@ -216,11 +240,12 @@ extern struct file_list files[]; extern struct proxy_args proxy_args[]; -extern int (*loaders[])(); -extern int run_loader(); -extern void add_loader(), unload_url(), destroy_list(), *zalloc(); -extern int bind_port(), accept_connection(), atoip(); -extern int strcmpic(), strncmpic(); +extern int (*loaders[])(struct client_state *csp); + +/* Prototypes from bind.c +*/ +extern int bind_port(char *haddr, int hport); +extern int accept_connection(int fd); #define NLOADERS 8 #define SZ(X) (sizeof(X) / sizeof(*X)) @@ -229,49 +254,138 @@ extern char *html_code_map[]; extern char *cookie_code_map[]; -extern void fperror(), enlist(); -extern char *safe_strerror(), *strsav(), *get_header(), *sed(), *add_stats(); -extern void parse_http_request(); -extern void free_http_request(); - -extern int domaincmp(), ssplit(); -extern struct url_spec dsplit(); - -extern int read_header(), connect_to(), main(); -extern int read_socket(), write_socket(), getchar_socket(), flush_socket(); -extern void close_socket(); - -extern int block_acl(); - -/* parsers */ -extern char *crumble(); -extern char *url_http(), *url_https(); -extern char *client_referrer(), *client_uagent(), *client_ua(); -extern char *client_x_forwarded(), *client_from(), *client_send_cookie(); -extern char *server_set_cookie(); - -/* adders */ -extern void client_cookie_adder(), client_xtra_adder(); -extern void client_x_forwarded_adder(); - -/* interceptors */ -extern char *show_proxy_args(); -extern char *ij_blocked_url(); -extern char *ij_untrusted_url(); - -extern int load_blockfile(), load_cookiefile(), load_trustfile(), - load_forwardfile(), load_aclfile(), load_imagefile(); /* swa */ -extern void init_proxy_args(), end_proxy_args(), savearg(), sweep(); - -extern char *url_encode(), *url_decode(); - -/* filters */ -extern char *intercept_url(); -extern char *block_url(); -extern char *block_imageurl(); /* swa */ -extern char *trust_url(); -extern struct cookie_spec *cookie_url(); -extern struct gateway *forward_url(); +/* Prototypes from encode.c +*/ +extern char *url_encode(char **code_map, unsigned char *s); +extern char *url_decode(char *str); + +/* Prototypes from parsers.c +*/ +extern char *sed( + struct parsers pats[], + void (*more_headers[])(struct client_state *csp), + struct client_state *csp); +extern char *get_header(struct client_state *csp); +extern void enlist(struct list *h, char *s); +extern void destroy_list(struct list *h); +extern void parse_http_request( + char *req, + struct http_request *http, + struct client_state *csp); +extern void free_http_request(struct http_request *http); +extern int flush_buffer(struct client_state *csp, char **pbuf); +extern int strcmpic(char *s1, char *s2); +extern int strncmpic(char *s1, char *s2, size_t n); +extern int add_to_iob(struct client_state *csp, char *buf, int n); + +/* Prototypes from loaders.c +*/ +extern char *strsav(char *old, char *text_to_append); +extern int run_loader(struct client_state *csp); +extern void add_loader(int (*loader)(struct client_state *csp)); +extern void unload_url(struct url_spec *url); +extern void *zalloc(int size); +extern void init_proxy_args(int argc, char *argv[]); +extern void end_proxy_args(); +extern void savearg(char *c, char *o); +extern void sweep(); + +/* Prototypes from jcc.c +*/ +extern void fperror(FILE *fp, char *str); +extern char *safe_strerror(int err); +extern int main(int argc, char *argv[]); +extern int write_socket(int fd, char *buf, int n); +extern int read_socket(int fd, char *buf, int n); +extern void close_socket(int fd); + +/* Prototypes from filters.c +*/ +extern int domaincmp(struct url_spec *pattern, struct url_spec *fqdn); +extern struct url_spec dsplit(char *domain); +extern char *add_stats (char *s); + +/* Prototypes from ssplit.c +*/ +extern int ssplit(char *s, char *c, char *v[], int n, int m, int l); + +/* Prototypes from conn.c +*/ +extern int connect_to(char *host, int portnum, struct client_state *csp); +extern int direct_connect( + struct gateway *gw, + struct http_request *http, + struct client_state *csp); +extern int atoip(char *host); + +/* Prototypes from acl.c +*/ +extern int block_acl( + struct access_control_addr *src, + struct access_control_addr *dst, + struct client_state *csp); + +/* parsers from parsers.c +*/ +extern char *crumble + (struct parsers *v, char *s, struct client_state *csp); +extern char *client_referrer + (struct parsers *v, char *s, struct client_state *csp); +extern char *client_uagent + (struct parsers *v, char *s, struct client_state *csp); +extern char *client_ua + (struct parsers *v, char *s, struct client_state *csp); +extern char *client_x_forwarded + (struct parsers *v, char *s, struct client_state *csp); +extern char *client_from + (struct parsers *v, char *s, struct client_state *csp); +extern char *client_send_cookie + (struct parsers *v, char *s, struct client_state *csp); +extern char *server_set_cookie + (struct parsers *v, char *s, struct client_state *csp); + +/* adders from parsers.c +*/ +extern void client_cookie_adder(struct client_state *csp); +extern void client_xtra_adder(struct client_state *csp); +extern void client_x_forwarded_adder(struct client_state *csp); + +/* interceptors from filters.c +*/ +extern char *show_proxy_args + (struct http_request *http, struct client_state *csp); +extern char *ij_blocked_url + (struct http_request *http, struct client_state *csp); +extern char *ij_untrusted_url + (struct http_request *http, struct client_state *csp); + +/* loaders from loaders.c +*/ +extern int load_blockfile(struct client_state *csp); +extern int load_cookiefile(struct client_state *csp); +extern int load_trustfile(struct client_state *csp); +extern int load_forwardfile(struct client_state *csp); + +/* loaders from acl.c +*/ +extern int load_aclfile(struct client_state *csp); +extern int load_imagefile(struct client_state *csp); + +/* filters from filters.c +*/ +extern char *intercept_url + (struct http_request *http, struct client_state *csp); +extern char *block_url + (struct http_request *http, struct client_state *csp); +extern char *block_imageurl + (struct http_request *http, struct client_state *csp); +extern char *trust_url + (struct http_request *http, struct client_state *csp); +extern struct cookie_spec *cookie_url + (struct http_request *http, struct client_state *csp); +extern struct gateway *forward_url + (struct http_request *http, struct client_state *csp); + extern struct gateway gateways[], *gw_default; extern struct parsers url_patterns[]; @@ -279,12 +393,18 @@ extern struct parsers server_patterns[]; extern struct interceptors intercept_patterns[]; -extern void (*add_client_headers[])(); +extern void (*add_client_headers[])(struct client_state *csp); extern void (*add_server_headers[])(); extern char DEFAULT_USER_AGENT[]; -extern int socks4_connect(), direct_connect(); +/* Prototypes from socks4.c +*/ +extern int socks4_connect( + struct gateway *gw, + struct http_request *http, + struct client_state *csp); + #define SOCKS_4 40 /* original SOCKS 4 protocol */ #define SOCKS_4A 41 /* as modified for hosts w/o external DNS */ diff -urN ijb20.org/junkbstr.ini ijb20/junkbstr.ini --- ijb20.org/junkbstr.ini Fri Oct 30 22:58:48 1998 +++ ijb20/junkbstr.ini Fri Mar 30 01:03:05 2001 @@ -1,128 +1,133 @@ -# Sample Configuration file for the Internet Junkbuster 2.0 - -# -# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use -# under the GNU General Public License. These files come with NO WARRANTY. -# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. -# -# When starting the proxy, give the name of this file as an argument. -# Any changes made to this file are *not* automatically loaded; you have -# to stop and restart the proxy. - -# For information see http://www.junkbusters.com/ht/en/ijbman.html -# or the documentation that came with the release - -# Lines beginning with a # character are comments; they are ignored. -# Many example lines are provided here commented out - -# the blockfile contains patterns to be blocked by the proxy -blockfile sblock.ini # comments are OK here, too -# -# or can use full paths for files, like so -# -#blockfile /usr/local/lib/junkbusters/blockfile - -# the cookiefile contains patterns to specify the cookie management policy -# -cookiefile scookie.ini - -# the logfile is where all logging and error messages are written -# -#logfile logfile - -# the jarfile is where cookies can be stored -# -#jarfile jarfile - -# the forwardfile defines domain-specific routing -# -#forwardfile sforward.ini - -# file which lists and into which trusted domains are written -# -#trustfile strust.ini -# files specify locations of "for information about trusted referers, see.." -# multiple trust_info_url lines are OK -# -# trust_info_url http://internet.junkbuster.com/ -# trust_info_url http://www.yoursite.com/trust_policy.html -# - -# The access control list file can be used to restrict IP addresses -# that are permitted to use the proxy (see warnings in the FAQ). -# -#aclfile saclfile.ini - -# add an "X-Forwarded-For:" specification to each request header -# -#add-forwarded-header - -# if logging cookies into a jarfile, and no other wafers were -# explicity set, then by default a vanilla wafer is sent with -# each request. -# -# setting 'suppress-vanilla-wafer' stops this vanilla wafer from -# being sent. -# -#suppress-vanilla-wafer - -# add these wafers to each request header -# multiple wafer lines are OK -# -#wafer NOTE=Like most people, I want my browsing to be anonymous. -#wafer WARNING=Please do not attempt to track me. - -# Anything can be added to the request headers. Please don't litter. -# multiple add-header lines are OK -# -#add-header Forwarded: by http://pro-privacy-isp.net -#add-header Proxy-Connection: Keep-Alive - -# listen-address specifies where the Junkbuster will listen for connections -# (it's equivalent to the -h option in Version 1) -# Specifying a port is optional; if unspecified the defaults is 8000. -# Before Version 2.0.2 the default was to bind to all IP addresses (INADDR_ANY) -# This has been restricted to localhost to avoid unintended security breaches. -# To open the proxy to all, uncomment the following line: -#listen-address :8000 -# other example usage: -#listen-address 124.207.250.245:8080 -# to explicitly state what is now the default: -#listen-address localhost - -# user-agent specifies treatment of the "User-Agent:" (and "UA-*:") header(s) -#user-agent @ -# note: Russian browsers may be confused if user agent misidentifies -# the operating system (Mac vs Windows); see FAQ -#user-agent . - -# referer specifies treatment of the "Referer:" header -# -#referer @ - -# from specifies value to be subsituted if browser provides a "From:" header -# -#from spam-me-senseless@sittingduck.net - -# hide-console is used only on Win32. It instructs the Internet Junkbuster -# to disconnect from and hide the command console. -# -#hide-console - -# debug sets the level of debugging information to log in the logfile -# -# debug 1 # GPC = show each GET/POST/CONNECT request -# debug 2 # CONN = show each connection status -# debug 4 # IO = show I/O status -# debug 8 # HDR = show header parsing -# debug 16 # LOG = log all data into the logfile -# -# multiple "debug" directives, are OK - they're logical-OR'd together -# -# debug 15 # same as setting the first 4 listed above - -# single-threaded operation (i.e. disallows multiple threads or processes) -# This is most often used for debugging because it keeps the -# debugging output "in order" for easy reading. -# -#single-threaded +# Sample Configuration file for the Internet Junkbuster 2.0 + +# +# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use +# under the GNU General Public License. These files come with NO WARRANTY. +# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. +# +# When starting the proxy, give the name of this file as an argument. +# Any changes made to this file are *not* automatically loaded; you have +# to stop and restart the proxy. + +# For information see http://www.junkbusters.com/ht/en/ijbman.html +# or the documentation that came with the release + +# Lines beginning with a # character are comments; they are ignored. +# Many example lines are provided here commented out + +# if auto-compress is active and the client-request has ACCEPT-ENCODING: gzip +# then any unencoded text/html text/plain content is compressed +# +#auto-compress + +# the blockfile contains patterns to be blocked by the proxy +blockfile sblock.ini # comments are OK here, too +# +# or can use full paths for files, like so +# +#blockfile /usr/local/lib/junkbusters/blockfile + +# the cookiefile contains patterns to specify the cookie management policy +# +cookiefile scookie.ini + +# the logfile is where all logging and error messages are written +# +#logfile logfile + +# the jarfile is where cookies can be stored +# +#jarfile jarfile + +# the forwardfile defines domain-specific routing +# +#forwardfile sforward.ini + +# file which lists and into which trusted domains are written +# +#trustfile strust.ini +# files specify locations of "for information about trusted referers, see.." +# multiple trust_info_url lines are OK +# +# trust_info_url http://internet.junkbuster.com/ +# trust_info_url http://www.yoursite.com/trust_policy.html +# + +# The access control list file can be used to restrict IP addresses +# that are permitted to use the proxy (see warnings in the FAQ). +# +#aclfile saclfile.ini + +# add an "X-Forwarded-For:" specification to each request header +# +#add-forwarded-header + +# if logging cookies into a jarfile, and no other wafers were +# explicity set, then by default a vanilla wafer is sent with +# each request. +# +# setting 'suppress-vanilla-wafer' stops this vanilla wafer from +# being sent. +# +#suppress-vanilla-wafer + +# add these wafers to each request header +# multiple wafer lines are OK +# +#wafer NOTE=Like most people, I want my browsing to be anonymous. +#wafer WARNING=Please do not attempt to track me. + +# Anything can be added to the request headers. Please don't litter. +# multiple add-header lines are OK +# +#add-header Forwarded: by http://pro-privacy-isp.net +#add-header Proxy-Connection: Keep-Alive + +# listen-address specifies where the Junkbuster will listen for connections +# (it's equivalent to the -h option in Version 1) +# Specifying a port is optional; if unspecified the defaults is 8000. +# Before Version 2.0.2 the default was to bind to all IP addresses (INADDR_ANY) +# This has been restricted to localhost to avoid unintended security breaches. +# To open the proxy to all, uncomment the following line: +#listen-address :8000 +# other example usage: +#listen-address 124.207.250.245:8080 +# to explicitly state what is now the default: +#listen-address localhost + +# user-agent specifies treatment of the "User-Agent:" (and "UA-*:") header(s) +#user-agent @ +# note: Russian browsers may be confused if user agent misidentifies +# the operating system (Mac vs Windows); see FAQ +#user-agent . + +# referer specifies treatment of the "Referer:" header +# +#referer @ + +# from specifies value to be subsituted if browser provides a "From:" header +# +#from spam-me-senseless@sittingduck.net + +# hide-console is used only on Win32. It instructs the Internet Junkbuster +# to disconnect from and hide the command console. +# +#hide-console + +# debug sets the level of debugging information to log in the logfile +# +# debug 1 # GPC = show each GET/POST/CONNECT request +# debug 2 # CONN = show each connection status +# debug 4 # IO = show I/O status +# debug 8 # HDR = show header parsing +# debug 16 # LOG = log all data into the logfile +# +# multiple "debug" directives, are OK - they're logical-OR'd together +# +# debug 15 # same as setting the first 4 listed above + +# single-threaded operation (i.e. disallows multiple threads or processes) +# This is most often used for debugging because it keeps the +# debugging output "in order" for easy reading. +# +#single-threaded diff -urN ijb20.org/loaders.c ijb20/loaders.c --- ijb20.org/loaders.c Fri Mar 30 00:46:31 2001 +++ ijb20/loaders.c Fri Mar 30 01:17:06 2001 @@ -3,6 +3,9 @@ * Distributed under the GNU General Public License; see the README file. * This code comes with NO WARRANTY. http://www.junkbusters.com/ht/en/gpl.html */ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ #include #include @@ -360,7 +363,7 @@ /* the old one is now obsolete */ if(current_blockfile) { - current_blockfile->unloader = unload_blockfile; + current_blockfile->unloader = (void (*)(void *)) unload_blockfile; } current_blockfile = fs; @@ -552,7 +555,7 @@ /* the old one is now obsolete */ if(current_imagefile) { - current_imagefile->unloader = unload_imagefile; + current_imagefile->unloader = (void (*)(void *)) unload_imagefile; } current_imagefile = fs; @@ -575,7 +578,6 @@ struct cookie_spec *b, *bl; char buf[BUFSIZ], *p, *q; - char *tmp_vec[BUFSIZ]; int port, user_cookie, server_cookie; static struct stat prev[1], curr[1]; static struct file_list *fs; @@ -755,7 +757,7 @@ } /* split domain into components */ - *url = dsplit(b->url->domain, tmp_vec); + *url = dsplit(b->url->domain); b->url->dbuf = url->dbuf; b->url->dcnt = url->dcnt; b->url->dvec = url->dvec; @@ -767,7 +769,7 @@ /* the old one is now obsolete */ if(current_cookiefile) { - current_cookiefile->unloader = unload_cookiefile; + current_cookiefile->unloader = (void (*)(void *)) unload_cookiefile; } current_cookiefile = fs; @@ -975,7 +977,7 @@ /* the old one is now obsolete */ if(current_trustfile) { - current_trustfile->unloader = unload_trustfile; + current_trustfile->unloader = (void (*)(void *)) unload_trustfile; } current_trustfile = fs; @@ -1234,7 +1236,7 @@ /* the old one is now obsolete */ if(current_forwardfile) { - current_forwardfile->unloader = unload_forwardfile; + current_forwardfile->unloader = (void (*)(void *)) unload_forwardfile; } current_forwardfile = fs; @@ -1442,7 +1444,7 @@ } void -add_loader(int (*loader)()) +add_loader(int (*loader)(struct client_state *csp)) { int i; diff -urN ijb20.org/parsers.c ijb20/parsers.c --- ijb20.org/parsers.c Fri Mar 30 00:46:31 2001 +++ ijb20/parsers.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *parsers_rcs = "$Id: parsers.c,v 1.26 1998/10/23 01:54:12 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. @@ -76,15 +80,15 @@ } int -flush_socket(int fd, struct client_state *csp) +flush_buffer(struct client_state *csp, char **pbuf) { struct iob *iob = csp->iob; int n = iob->eod - iob->cur; + if (pbuf != 0) { + *pbuf = iob->cur; + } if(n <= 0) return(0); - - n = write_socket(fd, iob->cur, n); - iob->eod = iob->cur = iob->buf; return(n); @@ -168,7 +172,7 @@ if((q = strchr(ret, '\r'))) *q = '\0'; - /* is this a blank linke (i.e. the end of the header) ? */ + /* is this a blank line (i.e. the end of the header) ? */ if(*ret == '\0') { freez(ret); return(NULL); @@ -264,15 +268,15 @@ */ char * -sed(pats, more_headers, csp) -struct parsers pats[]; -int (*more_headers[])(); -struct client_state *csp; +sed( + struct parsers pats[], + void (*more_headers[])(struct client_state *csp), + struct client_state *csp) { struct list *p; struct parsers *v; char *hdr; - int (**f)(); + void (**f)(struct client_state *csp); for(p = csp->headers->next; p ; p = p->next) { diff -urN ijb20.org/saclfile.ini ijb20/saclfile.ini --- ijb20.org/saclfile.ini Fri Oct 30 22:58:48 1998 +++ ijb20/saclfile.ini Fri Mar 30 01:03:05 2001 @@ -1,102 +1,102 @@ -# Access Control List for the Internet Junkbuster 2.0 -# -# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use -# under the GNU General Public License. These files come with NO WARRANTY. -# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. -# -# Access controls are included at the request of some ISPs and systems -# administrators, and are not usually needed by individual users. -# Please note the warnings in the FAQ that this proxy is not -# intended to be a substitute for a firewall or to encourage anyone -# to defer addressing basic security weaknesses. -# For details see http://www.junkbusters.com/ht/en/ijbman.html#aclfile - -# For this file to have any effect, the line beginning "aclfile" -# must be commented in, with the name of this file following the word "aclfile" - -# If no access file is specified, the proxy talks to anyone that connects. -# If an access file is specified, the proxy talks only to IP addresses -# permitted somewhere in this file and not denied later in this file. -# -# Summary -- if using an ACL: -# -# Client must have permission to receive service -# LAST match in ACL file wins -# Default behavior is to deny service -# -# Syntax for an entry in an Access Control List is: -# -# ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ] -# -# where the fields are -# -# ACTION = "permit" | "deny" -# -# SRC_ADDR = client hostname or dotted IP address -# SRC_MASKLEN = number of bits in the subnet mask for the source -# -# DST_ADDR = server or forwarder hostname or dotted IP address -# DST_MASKLEN = number of bits in the subnet mask for the target -# -# field separator (FS) is whitespace (space or tab) -# -# IMPORTANT NOTE -# ============== -# If the junkbuster is using a forwarder or a gateway for a particular -# destination URL, the DST_ADDRR that is examined is the address of -# the forwarder or the gateway and NOT the address of the ultimate target. -# This is necessary because it may be impossible for the local -# junkbuster to determine the address of the ultimate target -# (that's often what gateways are used for). -# -# Here are a few examples to show how the ACL works: - -# localhost is OK -- no DST_ADDR implies that ALL destination addresses are OK -# permit localhost - -# a silly example to illustrate: -# -# permit any host on the class-C subnet with junkbusters to go anywhere -# -# permit www.junkbusters.com/24 -# -# except deny one particular IP address from using it at all -# -# deny ident.junkbusters.com - -# another example -# -# You can specify an explicit network address and subnet mask. -# Explicit addresses do not have to be resolved to be used. -# -# permit 207.153.200.0/24 - -# a subnet mask of 0 matches anything, so the next line permits everyone. -# -# permit 0.0.0.0/0 - -# Note: you cannot say -# -# permit .org -# -# to allow all .org domains; every IP-address listed must resolve fully. - -# An ISP may want to provide a junkbuster that is accessible by "the world" -# and yet restrict use of some of their private content to hosts on its -# internal network (i.e. its own subscribers). Say, for instance the -# ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit netmask). -# This is how they could do it: - -# permit 0.0.0.0/0 0.0.0.0/0 # other clients can go anywhere -# with the following exceptions: -# -# deny 0.0.0.0/0 123.124.0.0/16 # block all external requests for -# sites on the ISP's network -# -# permit 0.0.0.0/0 www.my_isp.com # except for the ISP's main web site -# -# permit 123.124.0.0/16 0.0.0.0/0 # the ISP's clients can go anywhere - -# Note that some hostnames may be listed with multiple IP addresses; -# the primary value returned by gethostbyname() is used. -# +# Access Control List for the Internet Junkbuster 2.0 +# +# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use +# under the GNU General Public License. These files come with NO WARRANTY. +# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. +# +# Access controls are included at the request of some ISPs and systems +# administrators, and are not usually needed by individual users. +# Please note the warnings in the FAQ that this proxy is not +# intended to be a substitute for a firewall or to encourage anyone +# to defer addressing basic security weaknesses. +# For details see http://www.junkbusters.com/ht/en/ijbman.html#aclfile + +# For this file to have any effect, the line beginning "aclfile" +# must be commented in, with the name of this file following the word "aclfile" + +# If no access file is specified, the proxy talks to anyone that connects. +# If an access file is specified, the proxy talks only to IP addresses +# permitted somewhere in this file and not denied later in this file. +# +# Summary -- if using an ACL: +# +# Client must have permission to receive service +# LAST match in ACL file wins +# Default behavior is to deny service +# +# Syntax for an entry in an Access Control List is: +# +# ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ] +# +# where the fields are +# +# ACTION = "permit" | "deny" +# +# SRC_ADDR = client hostname or dotted IP address +# SRC_MASKLEN = number of bits in the subnet mask for the source +# +# DST_ADDR = server or forwarder hostname or dotted IP address +# DST_MASKLEN = number of bits in the subnet mask for the target +# +# field separator (FS) is whitespace (space or tab) +# +# IMPORTANT NOTE +# ============== +# If the junkbuster is using a forwarder or a gateway for a particular +# destination URL, the DST_ADDRR that is examined is the address of +# the forwarder or the gateway and NOT the address of the ultimate target. +# This is necessary because it may be impossible for the local +# junkbuster to determine the address of the ultimate target +# (that's often what gateways are used for). +# +# Here are a few examples to show how the ACL works: + +# localhost is OK -- no DST_ADDR implies that ALL destination addresses are OK +# permit localhost + +# a silly example to illustrate: +# +# permit any host on the class-C subnet with junkbusters to go anywhere +# +# permit www.junkbusters.com/24 +# +# except deny one particular IP address from using it at all +# +# deny ident.junkbusters.com + +# another example +# +# You can specify an explicit network address and subnet mask. +# Explicit addresses do not have to be resolved to be used. +# +# permit 207.153.200.0/24 + +# a subnet mask of 0 matches anything, so the next line permits everyone. +# +# permit 0.0.0.0/0 + +# Note: you cannot say +# +# permit .org +# +# to allow all .org domains; every IP-address listed must resolve fully. + +# An ISP may want to provide a junkbuster that is accessible by "the world" +# and yet restrict use of some of their private content to hosts on its +# internal network (i.e. its own subscribers). Say, for instance the +# ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit netmask). +# This is how they could do it: + +# permit 0.0.0.0/0 0.0.0.0/0 # other clients can go anywhere +# with the following exceptions: +# +# deny 0.0.0.0/0 123.124.0.0/16 # block all external requests for +# sites on the ISP's network +# +# permit 0.0.0.0/0 www.my_isp.com # except for the ISP's main web site +# +# permit 123.124.0.0/16 0.0.0.0/0 # the ISP's clients can go anywhere + +# Note that some hostnames may be listed with multiple IP addresses; +# the primary value returned by gethostbyname() is used. +# diff -urN ijb20.org/sblock.ini ijb20/sblock.ini --- ijb20.org/sblock.ini Fri Oct 30 22:58:48 1998 +++ ijb20/sblock.ini Fri Mar 30 01:03:05 2001 @@ -1,50 +1,51 @@ -# Illustrative Blockfile for the Internet Junkbuster -# -# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use -# under the GNU General Public License. These files come with NO WARRANTY. -# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. -# -# For more detail, see http://www.junkbusters.com/ht/en/ijbfaq.html#blocking -# -# More comprehensive blockfiles are available elsewhere, ask a search engine -# for documents that mention "junkbuster" and are called "blocklist" e.g. -# http://www.altavista.com/cgi-bin/query?pg=q&what=web&fmt=.&q=%2Bjunkbuster+%2Burl%3Ablocklist - -# Empty lines and comment lines beginning with a # is ignored. - -# The following line illustrates how to block a port (port 23 is telnet) -:23 -# for more detail see http://www.junkbusters/com/ht/en/ijbfaq.html#attack - -# To block a particular URL, you can list it in full (omit the http://): -www.junkbusters.com/images/space.gif - -# Almost all the following examples are commented out. To make them work, -# remove the comment so that this: -# www7.suckerfinder.com/cgi-bin/compost_tumbler/strayed-in-from=14387 -# looks like this: -www7.suckerfinder.com/cgi-bin/compost_tumbler/strayed-in-from=14387 - -# You can chop off parts on the left and right to get a broader block: -suckerfinder.com/cgi-bin/compost_tumbler/ - -# To block an entire site, simply include its domain name: -# ad.manipumedia.net -# patentlyoffensive.com - -# With no hostname, a pathname blocks regardless of the domain name: -# /images/banners/mindless/ -# /bandwidth-hogs/ - -# Provided pattern matching option was used in the Makefile (now the default) -# you can use patterns such as -# the /*.* allows matches anywhere in the URL -# /*.*banner -# /*.*/DespisedProductName.*.gif -# you can put * in the domain part only, not the path. -# ad*.*.* -# For more details see http://www.junkbusters.com/ht/en/ijbfaq.html#regex - -# The ~ character in column one stops blocking if a previous pattern matched. -# The last match wins, so these exceptions are usually placed at the end. -# ~mycompany.com +# Illustrative Blockfile for the Internet Junkbuster +# +# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use +# under the GNU General Public License. These files come with NO WARRANTY. +# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. +# +# For more detail, see http://www.junkbusters.com/ht/en/ijbfaq.html#blocking +# +# More comprehensive blockfiles are available elsewhere, ask a search engine +# for documents that mention "junkbuster" and are called "blocklist" e.g. +# http://www.altavista.com/cgi-bin/query?pg=q&what=web&fmt=.&q=%2Bjunkbuster+%2Burl%3Ablocklist + +# Empty lines and comment lines beginning with a # is ignored. + +# The following line illustrates how to block a port (port 23 is telnet) +:23 +# for more detail see http://www.junkbusters/com/ht/en/ijbfaq.html#attack + +# To block a particular URL, you can list it in full (omit the http://): +www.junkbusters.com/images/space.gif + +# Almost all the following examples are commented out. To make them work, +# remove the comment so that this: +# www7.suckerfinder.com/cgi-bin/compost_tumbler/strayed-in-from=14387 +# looks like this: +www7.suckerfinder.com/cgi-bin/compost_tumbler/strayed-in-from=14387 + +# You can chop off parts on the left and right to get a broader block: +suckerfinder.com/cgi-bin/compost_tumbler/ +anz.ads.link4ads.com/bin/wadredir?* + +# To block an entire site, simply include its domain name: +# ad.manipumedia.net +# patentlyoffensive.com + +# With no hostname, a pathname blocks regardless of the domain name: +# /images/banners/mindless/ +# /bandwidth-hogs/ + +# Provided pattern matching option was used in the Makefile (now the default) +# you can use patterns such as +# the /*.* allows matches anywhere in the URL +# /*.*banner +# /*.*/DespisedProductName.*.gif +# you can put * in the domain part only, not the path. +# ad*.*.* +# For more details see http://www.junkbusters.com/ht/en/ijbfaq.html#regex + +# The ~ character in column one stops blocking if a previous pattern matched. +# The last match wins, so these exceptions are usually placed at the end. +# ~mycompany.com diff -urN ijb20.org/scookie.ini ijb20/scookie.ini --- ijb20.org/scookie.ini Fri Oct 30 22:58:48 1998 +++ ijb20/scookie.ini Fri Mar 30 01:03:05 2001 @@ -1,19 +1,19 @@ -# Illustrative Cookiefile for the Internet Junkbuster -# For more detail, see http://www.junkbusters.com/ht/en/ijbfaq.html#cookies - -# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use -# under the GNU General Public License. These files come with NO WARRANTY. -# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. - -# Empty lines and lines beginning with a # is ignored. -# To permit an entire site to set cookies, simply include its domain name: -trustworthy.ftc.gov - -# You can allow cookies out, but stop them coming in: ->motel.ftc.gov -# For more details see http://www.junkbusters.com/ht/en/ijbfaq.html#crumble - -# The -r @ option in the cookiefile also allows selective disclosure of Referer. -# For more details see http://www.junkbusters.com/ht/en/ijbfaq.html#breakage -# >uclick.com -# >208.194.150.32 +# Illustrative Cookiefile for the Internet Junkbuster +# For more detail, see http://www.junkbusters.com/ht/en/ijbfaq.html#cookies + +# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use +# under the GNU General Public License. These files come with NO WARRANTY. +# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. + +# Empty lines and lines beginning with a # is ignored. +# To permit an entire site to set cookies, simply include its domain name: +trustworthy.ftc.gov + +# You can allow cookies out, but stop them coming in: +>motel.ftc.gov +# For more details see http://www.junkbusters.com/ht/en/ijbfaq.html#crumble + +# The -r @ option in the cookiefile also allows selective disclosure of Referer. +# For more details see http://www.junkbusters.com/ht/en/ijbfaq.html#breakage +# >uclick.com +# >208.194.150.32 diff -urN ijb20.org/sforward.ini ijb20/sforward.ini --- ijb20.org/sforward.ini Fri Oct 30 22:58:48 1998 +++ ijb20/sforward.ini Fri Mar 30 01:03:05 2001 @@ -1,96 +1,96 @@ -# Forwarding specification for Internet Junkbuster 2.0 -# -# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use -# under the GNU General Public License. These files come with NO WARRANTY. -# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. - -# For this file to have any effect, the line beginning "forwardfile" must -# be commented in, with the name of this file following the word "forwardfile" - -# -# This feature allows routing of HTTP requests via multiple proxies. -# It can be used to better protect privacy and confidentiality when -# accessing specific domains by routing requests to those domains -# to a special purpose filtering proxy such as lpwa.com -# -# It can also be used in an environment with multiple networks to route -# requests via multiple gateways allowing transparent access to multiple -# networks without having to modify browser configurations. -# -# Also specified here are special gateway protocols such as SOCKS. - -# The syntax of each line is -# -# target_domain[:port][/path] forwarding_domain[:port] gateway_type gateway_domain[:port] -# - -# A '.' in the forwarding domain/port means that requests made to the -# target domain are not forwarded but are made directly by the proxy -# (though the proxy may still use a gateway to contact the server) -# -# Lines are checked in turn, and the last match wins. -# -# There is an implicit line equivalent to the following, which specifies that -# anything not finding a match on the list is to go out without forwarding -# or gateway protocol; like so: -# -# * . . . # implicit - -# In the following common configuration, everything goes to Lucent's LPWA, -# except SSL on port 443 (which it doesn't handle) -# * lpwa.com:8000 . . -# :443 . . . - -# See the FAQ for instructions on how to automate the login procedure for LPWA. -# Some users have reported difficulties related to LPWA's use of . as the -# last element of the domain, and have said that this can be fixed with this: -# lpwa. lpwa.com:8000 . . - -# In this fictitious example, everything goes via an ISP's caching proxy, -# except requests to that ISP: -# -# * caching.myisp.net:8000 . . -# myisp.net . . . - -# For the @home network, we're told the forwarding configuration is this: -# * proxy:8080 . . -# Also, we're told they insist on getting cookies and Javascript, so you need -# to add home.com to the cookie file. We consider Javascript a security risk; -# see our page on cookies. Java need not be enabled. - -# In this example direct connections are made to all "internal" domains, -# but everything else goes through Lucent's LPWA by way of the company's -# SOCKS gateway to the Internet. -# -# * lpwa.com:8000 socks argyle.my_company.com:1080 -# my_company.com . . . - -# This is how you could set up a site that always uses SOCKS but no forwarders -# -# * . socks knee.my_company.com:1080 - -# An advanced example for network administrators. -# -# If you have links to multiple ISPs that provide various special -#content to their subscribers, you can configure forwarding to pass -# requests to the specific host that's connected to that ISP -# so that everybody can see -# all of the content on all of the ISPs. -# -# This is tricky, but here's a sample: -# -# host-a has a PPP connection to isp-a.com -# host-b has a PPP connection to isp-b.com - -# host-a can run an Internet Junkbuster proxy with forwarding like this: -# -# / . . . -# isp-b.com host-b:8000 . . -# -# host-b can run an Internet Junkbuster proxy with forwarding like this: -# / . . . -# isp-a.com host-a:8000 . . -# -# Now, *anyone* on the Internet (including users on host-a and host-b) -# can set their browser's proxy to *either* host-a or host-b and -# be able to browse the content on isp-a or isp-b. +# Forwarding specification for Internet Junkbuster 2.0 +# +# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use +# under the GNU General Public License. These files come with NO WARRANTY. +# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. + +# For this file to have any effect, the line beginning "forwardfile" must +# be commented in, with the name of this file following the word "forwardfile" + +# +# This feature allows routing of HTTP requests via multiple proxies. +# It can be used to better protect privacy and confidentiality when +# accessing specific domains by routing requests to those domains +# to a special purpose filtering proxy such as lpwa.com +# +# It can also be used in an environment with multiple networks to route +# requests via multiple gateways allowing transparent access to multiple +# networks without having to modify browser configurations. +# +# Also specified here are special gateway protocols such as SOCKS. + +# The syntax of each line is +# +# target_domain[:port][/path] forwarding_domain[:port] gateway_type gateway_domain[:port] +# + +# A '.' in the forwarding domain/port means that requests made to the +# target domain are not forwarded but are made directly by the proxy +# (though the proxy may still use a gateway to contact the server) +# +# Lines are checked in turn, and the last match wins. +# +# There is an implicit line equivalent to the following, which specifies that +# anything not finding a match on the list is to go out without forwarding +# or gateway protocol; like so: +# +# * . . . # implicit + +# In the following common configuration, everything goes to Lucent's LPWA, +# except SSL on port 443 (which it doesn't handle) +# * lpwa.com:8000 . . +# :443 . . . + +# See the FAQ for instructions on how to automate the login procedure for LPWA. +# Some users have reported difficulties related to LPWA's use of . as the +# last element of the domain, and have said that this can be fixed with this: +# lpwa. lpwa.com:8000 . . + +# In this fictitious example, everything goes via an ISP's caching proxy, +# except requests to that ISP: +# +# * caching.myisp.net:8000 . . +# myisp.net . . . + +# For the @home network, we're told the forwarding configuration is this: +# * proxy:8080 . . +# Also, we're told they insist on getting cookies and Javascript, so you need +# to add home.com to the cookie file. We consider Javascript a security risk; +# see our page on cookies. Java need not be enabled. + +# In this example direct connections are made to all "internal" domains, +# but everything else goes through Lucent's LPWA by way of the company's +# SOCKS gateway to the Internet. +# +# * lpwa.com:8000 socks argyle.my_company.com:1080 +# my_company.com . . . + +# This is how you could set up a site that always uses SOCKS but no forwarders +# +# * . socks knee.my_company.com:1080 + +# An advanced example for network administrators. +# +# If you have links to multiple ISPs that provide various special +#content to their subscribers, you can configure forwarding to pass +# requests to the specific host that's connected to that ISP +# so that everybody can see +# all of the content on all of the ISPs. +# +# This is tricky, but here's a sample: +# +# host-a has a PPP connection to isp-a.com +# host-b has a PPP connection to isp-b.com + +# host-a can run an Internet Junkbuster proxy with forwarding like this: +# +# / . . . +# isp-b.com host-b:8000 . . +# +# host-b can run an Internet Junkbuster proxy with forwarding like this: +# / . . . +# isp-a.com host-a:8000 . . +# +# Now, *anyone* on the Internet (including users on host-a and host-b) +# can set their browser's proxy to *either* host-a or host-b and +# be able to browse the content on isp-a or isp-b. diff -urN ijb20.org/socks4.c ijb20/socks4.c --- ijb20.org/socks4.c Fri Oct 30 22:58:48 1998 +++ ijb20/socks4.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *socks4_rcs = "$Id: socks4.c,v 1.10 1997/09/11 18:35:41 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. @@ -12,7 +16,7 @@ #ifdef _WIN32 #include -#include +#include "win32.h" #else #include #include @@ -124,7 +128,7 @@ return(-1); } - if((n = write_socket(sfd, c, csiz)) != csiz) { + if((n = write_socket(sfd, (char *) c, csiz)) != csiz) { if(DEBUG(CON)) { fprintf(logfp, "SOCKS4 negotiation write failed..."); } diff -urN ijb20.org/ssplit.c ijb20/ssplit.c --- ijb20.org/ssplit.c Fri Oct 30 22:58:48 1998 +++ ijb20/ssplit.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *ssplit_rcs = "$Id: ssplit.c,v 1.6 1998/10/27 16:25:07 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. @@ -18,6 +22,12 @@ * l = flag indicating whether to ignore leading field separators */ +#include /* For free() */ +#include /* Required by jcc.h */ +#include "gnu_regex.h" +#include "jcc.h" /* For zalloc() */ +#undef DEBUG /* DEBUG macro use in this file is not */ + /* consistent with use in jcc.h */ #include int ssplit(char *s, char *c, char *v[], int n, int m, int l) diff -urN ijb20.org/strust.ini ijb20/strust.ini --- ijb20.org/strust.ini Fri Oct 30 22:58:48 1998 +++ ijb20/strust.ini Fri Mar 30 01:03:05 2001 @@ -1,27 +1,27 @@ -# Illustrative Trustfile for the Internet Junkbuster -# -# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use -# under the GNU General Public License. These files come with NO WARRANTY. -# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. - -# For this file to have any effect, the line beginning "trustfile" must -# be commented in, with the name of this file following the word "trustfile" - -# Trustfiles are an experimental feature used for building "whitelists" -# (versus the usual "blacklists" in a blockfile). Most people don't use it. -# For more detail, see http://www.junkbusters.com/ht/en/ijbman.html#trustfile -# -# This is like parsed exactly like a blockfile, except that a '+' -# in column one is treated like a '~' (i.e. doesn't block) and -# it adds the spec to the trusted-referer list. -# -# Also, the default is to block any URL that is NOT mentioned on this list. -# -# While browsing, the domains for URLs that are referred by a trusted referer -# are added to this list. Thus this acts as a "white-list" of OK places -# to browse. Note this means that the file will grow longer with use. -# -# Example: to allow only links that came from yahooligans, uncomment this line -# +yahooligans.com -# and remove the last line (* alone), which unblock everything: -* +# Illustrative Trustfile for the Internet Junkbuster +# +# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use +# under the GNU General Public License. These files come with NO WARRANTY. +# See http://www.junkbusters.com/ht/en/gpl.html or README file for details. + +# For this file to have any effect, the line beginning "trustfile" must +# be commented in, with the name of this file following the word "trustfile" + +# Trustfiles are an experimental feature used for building "whitelists" +# (versus the usual "blacklists" in a blockfile). Most people don't use it. +# For more detail, see http://www.junkbusters.com/ht/en/ijbman.html#trustfile +# +# This is like parsed exactly like a blockfile, except that a '+' +# in column one is treated like a '~' (i.e. doesn't block) and +# it adds the spec to the trusted-referer list. +# +# Also, the default is to block any URL that is NOT mentioned on this list. +# +# While browsing, the domains for URLs that are referred by a trusted referer +# are added to this list. Thus this acts as a "white-list" of OK places +# to browse. Note this means that the file will grow longer with use. +# +# Example: to allow only links that came from yahooligans, uncomment this line +# +yahooligans.com +# and remove the last line (* alone), which unblock everything: +* diff -urN ijb20.org/win32.c ijb20/win32.c --- ijb20.org/win32.c Fri Oct 30 22:58:48 1998 +++ ijb20/win32.c Fri Mar 30 01:03:05 2001 @@ -1,3 +1,7 @@ +/* -- NB -- This code has been modified from the original + * Internet Junkbuster Proxy (TM) - see attached 'README' file for details + */ + char *win32_rcs = "$Id: win32.c,v 1.11 1998/02/06 00:23:52 ACJC Exp $"; /* Written and copyright 1997 Anonymous Coders and Junkbusters Corporation. * Distributed under the GNU General Public License; see the README file. @@ -10,7 +14,7 @@ #include "gnu_regex.h" #endif #include "jcc.h" -#include +#include "win32.h" extern int hideConsole; void InitWin32() --- ijb20.org/ijb-zlib.html Fri Mar 30 01:24:10 2001 +++ ijb20/ijb-zlib.html Fri Mar 30 01:23:41 2001 @@ -0,0 +1,172 @@ + + + ijb-zlib - a compressing proxy + + + +

+ - ijb-zlib - a compressing + proxy +

+

+[Obtaining the source] +[Compiling the source] +[Configuration] [Licence] +[Warranty] +[Version History] +[Health Disclaimer] +

+

+ijb-zlib is a modified version of the +Internet Junkbuster Proxy +v2.0.2 which can automatically compress text/html and text/plain documents +for clients which support Accept-Encoding: gzip (e.g. Netscape 4.7, Internet +Explorer 5, Lynx 2.8.3) to save downstream modem/network bandwidth. It uses +the zlib compression +library to perform on-the-fly compression of HTML documents. +

+The Internet Junkbuster source underwent substantial changes for portability: +ANSI function prototypes were added, and there is better support for a variety +of Win32 compilers, including the +LCC compiler. +

+ Obtaining the source +

+
    +
  • + The source for the zlib compression library should be obtained from + www.info-zip.org/pub/infozip/zlib/, + or download zlib version 1.1.3 from + f2.org/download/zlib113.tgz + [145Kb]. If you use the LCC + compiler under windows, download + zlib-Makefile.lcc + - a makefile for zlib version 1.1.3 using the LCC compiler. +
  • + The source for ijb-zlib is available from + f2.org/download/ijb-zlib-10.tgz + [184Kb]. The source is a gzip-ed tar file. To unzip under Unix/Linux systems, + type: +
    + tar xzvf ijb-zlib-10.tgz +
    +

    + or +

    + gunzip < ijb-zlib-10.tgz | tar xvf - +
    +

    + if you don't have a nice, clever GNU version of tar. Under windows NT, obtain + an archiving program like WinZip and extract the source by right-clicking + on the archive and selecting the 'extract' option. +

+

+ Compiling the source +

+
    +
  • + zlib: The + zlib compression + library should compile without modification. For non-Unix operating systems, + a 'Makefile' should be copied from the appropriate subdirectory (amiga, msdos, + nt, os2) and renamed 'Makefile'. +
  • + ijb-zlib: After modifying the Makefile for your operating + system & compiler (be sure to add include and library paths for + zlib source you compiled), the source should compile without + modification under the same operating systems as Internet Junkbuster Proxy + v2.0.2 +
+

+ Configuration +

+

+Refer to the supplied Internet Junkbuster Proxy manual +(ijbman.html) and FAQ (ijbfaq.html) set +up the proxy. The only additional configuration settings for ijb-zlib are: +

    +
  • + auto-compress
    + If the auto-compress setting appears in the configuration + file, proxied text/html and text/plain documents are automatically compressed + if the requesting client has specified Accept-Encoding: + gzip.
    + If the auto-compress setting is not present in the configuration + file, no compression takes place. +
+

+If you're not interested in the Internet Junkbuster cookie-filtering capabilities +and just want compression, you could try using the following configuration +files: +

    +
  • + junkbstr.ini
    + ## Enable compression
    + auto-compress
    + ## Enable all cookies to be passed
    + cookiefile scookie.ini
    + ## Accept requests on port 8000 from any machine, not just localhost
    + listen-address :8000 +
  • + scookie.ini
    + ## Accept all cookies
    + * +
+

+ Licence +

+
    +
  • + The Internet Junkbuster + Proxy (and ijb-zlib) are covered under the + GNU General Public + Licence, which basically means everyone can "use, copy and modify the + Internet Junkbuster as they wish. Companies can use it for commercial purposes, + but they are not permitted to use it in products that they claim as their + property without negotiating a separate agreement with [Junkbusters] beforehand." +
  • + The zlib compression + library is used freely in accordance with the + zlib + licence. +
+

+ Warranty: +

+ +

+ Version History: +

+ +

+ Author: +

+ +

+ Health Disclaimer: +

+

+The recommended pronuciation of "ijb-zlib" is "eye jay bee zed lib" (or "zee +lib"). Attempting to pronounce "ijb-zlib" directly as written may lead to +injury of the tongue or larynx -- although the teenager in the author's household +makes a very good approximation of the sound when something surprising happens +in "Pacman World" on his Playstation. The phrase "ijb-zlib" may or may not +be an expletive in Arabic. +

+