Re: Squid-1.1.9 and socks

From: Arjan de Vet <[email protected]>
Date: Thu, 8 Jan 1998 23:29:55 +0100 (CET)

In article <JA8AAAAAABXIKAABYQAB7fZXAeRU@sawasdee.fsbt.fujitsu.co.jp> you write:

>I'd like to use squid-1.1.9 to be my proxy server and use it via Socks Proxy.
>How can I do? How can I use Squid with Socks Proxy Server.

I once made a socks (version 4) patch for Squid, but it's rather undocumented and
a little out of date (it was made originally for 1.1.10). That's also the
reason why it's not on my normal Squid pages. The patch is included
at the end, but if you don't have much experience with the patch program
and with handling rejected chunks from a patch, it will not be easy to use for
1.1.19.

I'm working on an improved socks4 patch for 1.1.19 but that's not finished
yet.

Arjan

-----------------------------------------------------------------------------

There's no real documentation yet but if you're familiar with socksifying
applications it's rather simple: apply the patch below, run configure,
uncomment the -DSOCKS line and add '-lsocks' to the library line in
src/Makefile and run make. The socks configuration part is at the end of
the squid.conf file.

-----------------------------------------------------------------------------
diff -ur squid-1.1.10/src/Makefile.in squid-1.1.10-adv/src/Makefile.in
--- squid-1.1.10/src/Makefile.in Mon Apr 21 18:27:12 1997
+++ squid-1.1.10-adv/src/Makefile.in Thu May 22 23:01:30 1997
@@ -16,11 +16,13 @@
 # do NOT define both USE_SPLAY_TREE and USE_BIN_TREE at the same time!
 USE_SPLAY_TREE = # -DUSE_SPLAY_TREE
 USE_BIN_TREE = # -DUSE_BIN_TREE
+# use SOCKS4
+USE_SOCKS = # -DSOCKS
 
 DEFINES = $(HOST_OPT) $(AUTH_OPT) $(LOG_HDRS_OPT) \
                   $(ICMP_OPT) $(DELAY_HACK) $(USERAGENT_OPT) \
                   $(KILL_PARENT_OPT) $(USE_POLL_OPT) \
- $(USE_SPLAY_TREE) $(USE_BIN_TREE)
+ $(USE_SPLAY_TREE) $(USE_BIN_TREE) $(USE_SOCKS)
 
 prefix = @prefix@
 exec_prefix = @exec_prefix@
diff -ur squid-1.1.10/src/cache_cf.c squid-1.1.10-adv/src/cache_cf.c
--- squid-1.1.10/src/cache_cf.c Wed Apr 23 21:38:36 1997
+++ squid-1.1.10-adv/src/cache_cf.c Thu May 22 22:59:47 1997
@@ -265,6 +265,9 @@
 static void parseCachemgrPasswd _PARAMS((void));
 static void parsePathname _PARAMS((char **, int fatal));
 static void parseProxyLine _PARAMS((peer **));
+#ifdef SOCKS
+static void parseSocksLine _PARAMS((struct sockaddr_in *));
+#endif
 static void parseHttpAnonymizer _PARAMS((int *));
 static int parseTimeUnits _PARAMS((const char *unit));
 static void parseTimeLine _PARAMS((int *iptr, const char *units));
@@ -988,6 +991,25 @@
     *E = e;
 }
 
+#ifdef SOCKS
+static void
+parseSocksLine(struct sockaddr_in *S)
+{
+ char *token;
+ char *t;
+ S->sin_family = AF_INET;
+ S->sin_port = 1080; /* default */
+ token = strtok(NULL, w_space);
+ if (token == NULL)
+ self_destruct();
+ if ((t = strchr(token, ':'))) {
+ *t++ = '\0';
+ S->sin_port = htons(atoi(t));
+ }
+ S->sin_addr.s_addr = inet_addr(token);
+}
+#endif /* SOCKS */
+
 static void
 parseIntegerValue(int *iptr)
 {
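Review bot: The default port in parseSocksLine is stored in host byte order (`S->sin_port = 1080;`) while the explicit-port path goes through htons(), so on a little-endian host a `socks` line without a port points at the wrong port; it should read `S->sin_port = htons(1080);`. The result of inet_addr() is not checked either: a mistyped address yields INADDR_NONE, which differs from INADDR_ANY, so the test in comm.c would treat SOCKS as enabled. Adding `if (S->sin_addr.s_addr == INADDR_NONE) self_destruct();` would reject that at configuration time. atoi() also accepts non-numeric and out-of-range port text silently, so a short comment stating the accepted `address[:port]` syntax would help. The trailing context lines belong to parseIntegerValue, which continues outside the hunk.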
@@ -1350,6 +1372,12 @@
             parseProxyLine(&Config.sslProxy);
         else if (!strcmp(token, "passthrough_proxy"))
             parseProxyLine(&Config.passProxy);
+#ifdef SOCKS
+ else if (!strcmp(token, "socks"))
+ parseSocksLine(&Config.socks_sin);
+ else if (!strcmp(token, "socks_internal"))
+ parseIPLine(&Config.socks_internal_list);
+#endif
 
         else if (!strcmp(token, "err_html_text"))
             parseErrHtmlLine();
@@ -1510,6 +1538,9 @@
     wordlistDestroy(&Config.cache_stoplist);
     ip_acl_destroy(&Config.local_ip_list);
     ip_acl_destroy(&Config.firewall_ip_list);
+#ifdef SOCKS
+ ip_acl_destroy(&Config.socks_internal_list);
+#endif
     objcachePasswdDestroy(&Config.passwd_list);
     refreshFreeMemory();
 }
@@ -1604,6 +1635,9 @@
     Config.Addrs.client_netmask.s_addr = DefaultClientNetmask;
     Config.passProxy = DefaultPassProxy;
     Config.sslProxy = DefaultSslProxy;
+#ifdef SOCKS
+ Config.socks_sin.sin_addr.s_addr = INADDR_ANY;
+#endif
     Config.ipcache.size = DefaultIpcacheSize;
     Config.ipcache.low = DefaultIpcacheLow;
     Config.ipcache.high = DefaultIpcacheHigh;
diff -ur squid-1.1.10/src/cache_cf.h squid-1.1.10-adv/src/cache_cf.h
--- squid-1.1.10/src/cache_cf.h Fri Mar 28 21:28:12 1997
+++ squid-1.1.10-adv/src/cache_cf.h Sun May 18 22:47:14 1997
@@ -245,6 +245,10 @@
     ip_acl *local_ip_list;
     ip_acl *firewall_ip_list;
     peer *sslProxy, *passProxy;
+#ifdef SOCKS
+ struct sockaddr_in socks_sin;
+ ip_acl *socks_internal_list;
+#endif
     struct {
         int size;
         int low;
diff -ur squid-1.1.10/src/comm.c squid-1.1.10-adv/src/comm.c
--- squid-1.1.10/src/comm.c Thu Apr 24 19:41:12 1997
+++ squid-1.1.10-adv/src/comm.c Tue May 20 23:02:46 1997
@@ -340,6 +340,31 @@
     xfree(cs);
 }
 
+#ifdef SOCKS
+static void
+commHandleSocks(int fd, void *data)
+{
+ ConnectStateData *connectState = data;
+ char c[8];
+ int n;
+
+ /* assume we can read the socks response in one read */
+ n = read(fd, c, 8);
+ if ((n == 8) && (c[1] == 90)) {
+ debug(5, 2, "commHandleSocks: FD %d status = %d\n", fd, c[1]);
+ ipcacheCycleAddr(connectState->host);
+ connectState->callback(fd, COMM_OK, connectState->data);
+ } else {
+ debug(5, 0, "commHandleSocks: FD %d status = %d/%d\n", fd, c[1], n);
+ ipcacheRemoveBadAddr(connectState->host, connectState->SO.sin_addr);
+ /* set errno to ECONNREFUSED, more info we do not get via socks */
+ errno = ECONNREFUSED;
+ connectState->callback(fd, COMM_ERROR, connectState->data);
+ }
+ return;
+}
+#endif /* SOCKS */
+
 /* Connect SOCK to specified DEST_PORT at DEST_HOST. */
 static void
 commConnectHandle(int fd, void *data)
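Review bot: In the else branch of commHandleSocks the debug call prints `c[1]` even when read() returned -1 or fewer than two bytes, so an uninitialized stack byte ends up in the log as the SOCKS status. Initialize the buffer with `char c[8] = { 0 };`, or print only `n` when `n < 2`. The same branch treats a short or interrupted read as a refused connection and calls ipcacheRemoveBadAddr, so a reply split across reads would mark a reachable origin address as bad. The "assume we can read the socks response in one read" comment admits the assumption but nothing guards it.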
@@ -356,11 +381,41 @@
                 connectState->data);
             return;
         }
- connectState->S.sin_family = AF_INET;
- connectState->S.sin_addr = ia->in_addrs[ia->cur];
- connectState->S.sin_port = htons(connectState->port);
+#ifdef SOCKS
+ /* ip_access_check returns IP_ALLOW when the list is empty,
+ the addr is localhost or the address is not in the list */
+ if ((Config.socks_sin.sin_addr.s_addr != INADDR_ANY) &&
+ (ia->in_addrs[ia->cur].s_addr != local_addr.s_addr) &&
+ ip_access_check(ia->in_addrs[ia->cur],
+ Config.socks_internal_list) == IP_ALLOW
+ ) {
+ /* use SOCKS */
+ connectState->socks = 1;
+ connectState->S.sin_family = Config.socks_sin.sin_family;
+ connectState->S.sin_port = Config.socks_sin.sin_port;
+ connectState->S.sin_addr = Config.socks_sin.sin_addr;
+ debug(5, 3, "commConnectHandle: FD %d SOCKS %s:%d\n", fd,
+ inet_ntoa(connectState->S.sin_addr),
+ ntohs(connectState->S.sin_port));
+ /* remember original site */
+ connectState->SO.sin_family = AF_INET;
+ connectState->SO.sin_addr = ia->in_addrs[ia->cur];
+ connectState->SO.sin_port = htons(connectState->port);
+ } else {
+ connectState->socks = 0;
+#endif /* SOCKS */
+ connectState->S.sin_family = AF_INET;
+ connectState->S.sin_addr = ia->in_addrs[ia->cur];
+ connectState->S.sin_port = htons(connectState->port);
+#ifdef SOCKS
+ }
+#endif
         if (Config.Log.log_fqdn)
+#ifdef SOCKS
+ fqdncache_gethostbyaddr(connectState->SO.sin_addr, FQDN_LOOKUP_IF_MISS);
+#else
             fqdncache_gethostbyaddr(connectState->S.sin_addr, FQDN_LOOKUP_IF_MISS);
+#endif
     }
     switch (comm_connect_addr(fd, &connectState->S)) {
     case COMM_INPROGRESS:
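Review bot: With SOCKS compiled in, the fqdncache_gethostbyaddr call always passes `connectState->SO.sin_addr`, but SO is filled in only on the branch that sets `connectState->socks = 1`. On the direct branch the lookup therefore uses whatever SO held when the structure was allocated, which is not visible here. The origin address is the same in both cases, so `fqdncache_gethostbyaddr(ia->in_addrs[ia->cur], FQDN_LOOKUP_IF_MISS);` would be correct for both and would remove the inner `#ifdef`/`#else`. The enclosing block of commConnectHandle starts before this hunk and the function continues after it.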
@@ -373,11 +428,41 @@
     case COMM_OK:
         if (vizSock > -1)
             vizHackSendPkt(&connectState->S, 2);
- ipcacheCycleAddr(connectState->host);
- connectState->callback(fd, COMM_OK, connectState->data);
+#ifdef SOCKS
+ if (connectState->socks) {
+ char c[9];
+ int n;
+ debug(5, 3, "commConnectHandle: FD %d sockd_connect done\n", fd);
+ c[0] = 4; /* version 4 */
+ c[1] = 1; /* connect */
+ bcopy(&connectState->SO.sin_port, c + 2, 2);
+ bcopy(&connectState->SO.sin_addr, c + 4, 4);
+ debug(5, 2, "commConnectHandle: FD %d SOCKS to %s:%d\n", fd,
+ inet_ntoa(connectState->SO.sin_addr),
+ ntohs(connectState->SO.sin_port));
+ c[8] = '\0';
+ /* assume we can write the request in one write() */
+ n = write(fd, c, 9);
+ if (n == 9)
+ debug(5, 3, "commConnectHandle: FD %d wrote SOCKS request (%d bytes)\n", fd, n);
+ else
+ debug(5, 0, "commConnectHandle: ERROR: only wrote %d bytes\n", n);
+ commSetSelect(fd,
+ COMM_SELECT_READ,
+ commHandleSocks,
+ (void *) connectState,
+ 0);
+ } else {
+#endif /* SOCKS */
+ ipcacheCycleAddr(connectState->host);
+ connectState->callback(fd, COMM_OK, connectState->data);
+#ifdef SOCKS
+ }
+#endif
         break;
     default:
- ipcacheRemoveBadAddr(connectState->host, connectState->S.sin_addr);
+ if (!connectState->socks)
+ ipcacheRemoveBadAddr(connectState->host, connectState->S.sin_addr);
         connectState->callback(fd, COMM_ERROR, connectState->data);
         break;
     }
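Review bot: The new `if (!connectState->socks)` in the default case sits outside any `#ifdef SOCKS`, but comm.h declares the `socks` member only when SOCKS is defined, so a build without -DSOCKS would not compile here. Put `#ifdef SOCKS` / `if (!connectState->socks)` / `#endif` in front of the ipcacheRemoveBadAddr call. In the COMM_OK branch a failed or short write() of the 9-byte request is only logged and the read handler is still registered, so the connection may wait for a reply that never comes. Calling `connectState->callback(fd, COMM_ERROR, connectState->data);` when `n != 9` would fail fast instead. The switch belongs to commConnectHandle, which starts and ends outside this hunk.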
diff -ur squid-1.1.10/src/comm.h squid-1.1.10-adv/src/comm.h
--- squid-1.1.10/src/comm.h Wed Mar 26 08:29:37 1997
+++ squid-1.1.10-adv/src/comm.h Sun May 18 22:46:22 1997
@@ -141,6 +141,10 @@
     char *host;
     u_short port;
     struct sockaddr_in S;
+#ifdef SOCKS
+ int socks;
+ struct sockaddr_in SO;
+#endif
     CCH callback;
     void *data;
 } ConnectStateData;
diff -ur squid-1.1.10/src/ftpget.c squid-1.1.10-adv/src/ftpget.c
--- squid-1.1.10/src/ftpget.c Wed Apr 23 21:38:39 1997
+++ squid-1.1.10-adv/src/ftpget.c Tue May 20 17:46:53 1997
@@ -745,7 +745,11 @@
             inet_ntoa(S->sin_addr),
             (int) ntohs(S->sin_port),
             len);
+#ifdef SOCKS
+ y = Rconnect(fd, (struct sockaddr *) S, len);
+#else
         y = connect(fd, (struct sockaddr *) S, len);
+#endif
         cerrno = errno;
         if (y < 0)
             debug(38, 7, "connect: %s\n", xstrerror());
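Review bot: The Rconnect() call here, and Rbind() and Raccept() in the two following ftpget.c hunks, get no declaration or header include anywhere in this patch, so unless the SOCKS library header is pulled in elsewhere they are implicitly declared. The wrappers are also used for every ftpget connection, so the `socks_internal` list from squid.conf does not apply to FTP. Which destinations go direct is presumably decided by the SOCKS library's own configuration. A comment such as `/* SOCKS routing for ftpget follows the libsocks configuration, not socks_internal */` next to the first `#ifdef` would make that difference visible. The enclosing function starts and ends outside the hunk.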
@@ -802,7 +806,11 @@
         L.sin_family = AF_INET;
         L.sin_addr = outgoingTcpAddr;
         L.sin_port = 0;
+#ifdef SOCKS
+ if (Rbind(fd, (struct sockaddr *) &L, sizeof(struct sockaddr_in)) < 0) {
+#else
         if (bind(fd, (struct sockaddr *) &L, sizeof(struct sockaddr_in)) < 0) {
+#endif
             debug(38, 0, "bind: %s\n", xstrerror());
         }
     }
@@ -848,7 +856,11 @@
         }
         if (FD_ISSET(0, &R))
             exit(1);
+#ifdef SOCKS
+ return Raccept(fd, S, len);
+#else
         return accept(fd, S, len);
+#endif
     }
     /* NOTREACHED */
 }
diff -ur squid-1.1.10/src/squid.conf.pre.in squid-1.1.10-adv/src/squid.conf.pre.in
--- squid-1.1.10/src/squid.conf.pre.in Mon Apr 21 18:27:14 1997
+++ squid-1.1.10-adv/src/squid.conf.pre.in Thu May 22 23:35:55 1997
@@ -1201,3 +1201,8 @@
 #
 #query_icmp off
 
+# the socks4 server: ip-address:port
+# socks 172.16.1.1:1080
+
+# which networks can we connect to directly without socks4
+# socks_internal 172.16.0.0 172.17.0.0 172.18.0.0
Received on Thu Jan 08 1998 - 14:56:59 MST
