handle initial requests to http proxy

wlan at mac.com wlan at mac.com
Wed May 21 08:29:01 UTC 2008


So, in your browser, you have it configured to use a proxy for all  
sites except the explicitly configured uam and chilli server? Yeah,  
that wouldn't be very useful generally, I would think. I suppose it  
is also possible to have chilli support the proxy URL format in  
redir_getreq() which might help. Seeing your use of 'http_port' makes  
me think it could be an option to have chilli 'redirect' on a list of  
ports. It has also been brewing in the back of my head to try out  
some minimal content filtering for http traffic which could
"de-proxy" a request pre-authentication and perhaps do a "captive-frame"  
without the need of an external privoxy. Oh, so little time..


On May 21, 2008, at 10:10 AM, Ivano Cristofolini wrote:

> OK, here it is quick'n'dirty (port number is hard-coded, etc.). It's
> important to note that browsers must not use a proxy for uamserver and
> authentication server; otherwise login will not work.
> It is probably not terribly useful in general: I needed it to keep
> previous browser settings for a wired network still working on the  
> wifi.
>
> Ivano
>
> --- old_dhcp.h	2008-05-19 09:21:33.000000000 +0200
> +++ dhcp.h	2008-05-19 10:16:04.000000000 +0200
> @@ -56,6 +56,7 @@
>  /* TCP Ports */
>  #define DHCP_HTTP   80
>  #define DHCP_HTTPS 443
> +#define DHCP_HTTPPROXY 3128
>
>
>  #define DHCP_ARP_REQUEST 1
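Review bot: the proxy port is a compile-time constant at `+#define DHCP_HTTPPROXY 3128`, so every build captures port 3128 whether or not the deployment uses a proxy. Consider a runtime option that is unset by default, so sites without a proxy keep the current behaviour, and document the new port next to DHCP_HTTP.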
> @@ -99,6 +100,7 @@
>    int nextdnat;                /* Next location to use for DNAT */
>    uint32_t dnatip[DHCP_DNAT_MAX]; /* Destination NAT destination IP
> address */
>    uint16_t dnatport[DHCP_DNAT_MAX]; /* Destination NAT source port */
> +  uint16_t http_port;               /* Original (pre-NAT) destination
> port */
>    uint8_t dnatmac[DHCP_DNAT_MAX][PKT_ETH_ALEN]; /* Destination NAT
> source mac */
>  /*  uint16_t mtu;                 Maximum transfer unit */
>  };
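Review bot: `http_port` is declared as a single value while `dnatip`, `dnatport` and `dnatmac` beside it are arrays of DHCP_DNAT_MAX, so only one original destination port is remembered per connection rather than one per DNAT slot. Declare it as an array of DHCP_DNAT_MAX like its neighbours, and state in the comment that it is kept in network byte order, since it is copied straight from `tcph->dst`.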
> --- old_dhcp.c	2008-05-19 09:21:40.000000000 +0200
> +++ dhcp.c	2008-05-19 09:32:42.000000000 +0200
> @@ -1245,7 +1245,8 @@
>    /* Was it a http request for another server? */
>    /* We are changing dest IP and dest port to local UAM server */
>    if ((pack->iph.protocol == PKT_IP_PROTO_TCP) &&
> -      (tcph->dst == htons(DHCP_HTTP))) {
> +      ((tcph->dst == htons(DHCP_HTTP)) ||
> +       (tcph->dst == htons(DHCP_HTTPPROXY)))) {
>      int n;
>      int pos=-1;
>      for (n=0; n<DHCP_DNAT_MAX; n++) {
> @@ -1260,6 +1261,7 @@
>  	memcpy(conn->dnatmac[conn->nextdnat], pack->ethh.dst, PKT_ETH_ALEN);
>        conn->dnatip[conn->nextdnat] = pack->iph.daddr;
>        conn->dnatport[conn->nextdnat] = tcph->src;
> +      conn->http_port = tcph->dst;
>        conn->nextdnat = (conn->nextdnat + 1) % DHCP_DNAT_MAX;
>      }
>
> @@ -1420,7 +1422,7 @@
>  	if (options.usetap)
>  	  memcpy(pack->ethh.src, conn->dnatmac[n], PKT_ETH_ALEN);
>  	pack->iph.saddr = conn->dnatip[n];
> -	tcph->src = htons(DHCP_HTTP);
> +	tcph->src = conn->http_port;
>
>  	dhcp_tcp_check(pack, len);
>  	dhcp_ip_check(pack);
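Review bot: at `tcph->src = conn->http_port;` the source MAC and address are restored from slot `n` (`conn->dnatmac[n]`, `conn->dnatip[n]`) but the port comes from a field that is not indexed by `n`, so it holds whatever port the most recent DNAT recorded. A client with one flow to port 80 and another to 3128 will receive replies on one of them carrying the other flow's source port, which no longer matches the connection it opened. Store the port per slot and restore it with the same index.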
> --- old_redir.c	2008-05-19 09:22:03.000000000 +0200
> +++ redir.c	2008-05-19 14:52:03.000000000 +0200
> @@ -1124,7 +1124,6 @@
>
>  	while (*p1 == ' ') p1++; /* Advance through additional white  
> space */
>  	if (*p1 == '/') p1++;
> -	else return -1;
>  	
>  	/* The path ends with a ? or a space */
>  	p2 = strchr(p1, '?');
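Review bot: dropping `else return -1;` removes the check on how the request target starts for every request, not only proxy-style ones, so targets that begin with neither `/` nor `http://` now continue into path parsing. Keep the rejection and widen the accepted forms instead: accept a leading `/` or an `http://` prefix and still return -1 for anything else.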
> @@ -1321,9 +1320,16 @@
>    default:
>      {
>        /* some basic checks for urls we don't care about */
> -
> -      snprintf(conn->state.redir.userurl,
> sizeof(conn->state.redir.userurl), "http://%s/%s%s%s",
> -	       host, path, qs[0] ? "?" : "", qs[0] ? qs : "");
> +
> +      /* if GET was for an http proxy then the path starts with
> http://host */
> +      if (!strncmp(path, "http://", 7)) {
> +          snprintf(conn->state.redir.userurl,
> sizeof(conn->state.redir.userurl), "%s%s%s",
> +               path, qs[0] ? "?" : "", qs[0] ? qs : "");
> +      }
> +      else {
> +          snprintf(conn->state.redir.userurl,
> sizeof(conn->state.redir.userurl), "http://%s/%s%s%s",
> +               host, path, qs[0] ? "?" : "", qs[0] ? qs : "");
> +      }
>
>        if (optionsdebug)
>  	log_dbg("-->> Setting userurl=[%s]",conn->state.redir.userurl);
>
>
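Review bot: the `strncmp(path, "http://", 7)` test is case-sensitive, so a proxy request written with an upper-case scheme falls into the else branch and gets `http://host/` prefixed a second time. Use a case-insensitive comparison, and add a line to the comment saying that in the proxy branch userurl is taken from the client's request line and the Host header is not used.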
> On Sat, 2008-05-17 at 09:21 +0200, wlan at mac.com wrote:
>> Working contributions are welcome!
>>
>> On May 16, 2008, at 4:26 PM, Ivano Cristofolini wrote:
>>
>>> just solved it by myself, sorry for the bother.
>>>
>>> Ivano
>>>
>>> On Fri, 2008-05-16 at 13:54 +0200, Ivano Cristofolini wrote:
>>>> Hello,
>>>>
>>>> I need to modify coova-chilli to capture http requests directed  
>>>> to a
>>>> (NON transparent) http proxy running on port 3128 (keeping current
>>>> functionality as well).
>>>>
>>>> I have successfully modified the http parsing functions in redir.c
>>>> (very
>>>> simple: only redirurl changes).
>>>>
>>>> I'm trying to modify the DNAT routines in dhcp.c so that  
>>>> requests to
>>>> port 3128 are handled in the same way as regular requests to http
>>>> servers (i.e. they are NATted to uamserver).
>>>>
>>>> This is easy for dhcp_doDNAT() (I added the last line):
>>>>
>>>> ...
>>>>   /* Was it a http request for another server? */
>>>>   /* We are changing dest IP and dest port to local UAM server */
>>>>   if ((pack->iph.protocol == PKT_IP_PROTO_TCP) &&
>>>>       ((tcph->dst == htons(DHCP_HTTP)) ||
>>>>        (tcph->dst == htons(3128)))) {
>>>> ...
>>>>
>>>> I don't know how to do it for dhcp_undoDNAT().
>>>>
>>>> ...
>>>> /* Was it a reply from redir server? */
>>>> ...
>>>> if (something???) {
>>>>   tcph->src = htons(DHCP_HTTP);
>>>> else
>>>>   tcph->src = htons(3128);
>>>> ...
>>>>
>>>> Any suggestions?
>>>>
>>> -- 
>>> Ivano Cristofolini
>>> Presidio Informatico Ingegneria
>>> Direzione Informatica e Telecomunicazioni
>>> Universita' degli Studi di Trento
>>> Via Mesiano 77,
>>> 38050 Povo(TN), Italy
>>> Tel: +39 0461/881940
>>> Fax: +39 0461/882628
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
>>> For additional commands, e-mail: chilli-help at coova.org
>>> Wiki: http://coova.org/wiki/index.php/CoovaChilli
>>> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>>>
>>
>>
>>
> -- 
> Ivano Cristofolini
> Presidio Informatico Ingegneria
> Direzione Informatica e Telecomunicazioni
> Universita' degli Studi di Trento
> Via Mesiano 77,
> 38050 Povo(TN), Italy
> Tel: +39 0461/881940
> Fax: +39 0461/882628
> <httpproxy.patch>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
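The question at the bottom of the thread (which port should dhcp_undoDNAT() restore) comes down to remembering the original destination port for each DNAT slot. The following is a simplified model added here, not CoovaChilli's code: the struct, the function names, the slot count and the host-byte-order ports are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define DNAT_MAX 8           /* assumed slot count for this model */
#define PORT_HTTP 80
#define PORT_HTTPPROXY 3128  /* proxy port used in the thread */

struct dnat_conn {
  int next;                        /* next slot to reuse (ring buffer) */
  uint32_t orig_ip[DNAT_MAX];      /* original destination address */
  uint16_t client_port[DNAT_MAX];  /* client source port, the lookup key */
  uint16_t orig_port[DNAT_MAX];    /* original destination port; 0 = empty */
};

/* Outbound packet: record the original destination when the port is one
 * we capture. Returns 1 if the packet would be DNATed, 0 if left alone. */
int do_dnat(struct dnat_conn *c, uint16_t sport, uint32_t dip, uint16_t dport) {
  int n;
  if (dport != PORT_HTTP && dport != PORT_HTTPPROXY) return 0;
  for (n = 0; n < DNAT_MAX; n++)   /* same client port: refresh that slot */
    if (c->orig_port[n] != 0 && c->client_port[n] == sport) break;
  if (n == DNAT_MAX) { n = c->next; c->next = (c->next + 1) % DNAT_MAX; }
  c->orig_ip[n] = dip;
  c->client_port[n] = sport;
  c->orig_port[n] = dport;         /* kept per slot, not per connection */
  return 1;
}

/* Reply heading to client port cport: restore the source address and port
 * recorded for that flow. Returns 0 on success, -1 if no slot matches. */
int undo_dnat(const struct dnat_conn *c, uint16_t cport,
              uint32_t *sip, uint16_t *sport) {
  for (int n = 0; n < DNAT_MAX; n++)
    if (c->orig_port[n] != 0 && c->client_port[n] == cport) {
      *sip = c->orig_ip[n];
      *sport = c->orig_port[n];
      return 0;
    }
  return -1;
}

int main(void) {
  struct dnat_conn c = {0};
  uint32_t ip; uint16_t port;
  do_dnat(&c, 40001, 0xC0000201u, PORT_HTTP);       /* constructed flows */
  do_dnat(&c, 40002, 0xC0000202u, PORT_HTTPPROXY);
  if (undo_dnat(&c, 40001, &ip, &port) == 0) printf("40001 <- %u\n", (unsigned)port);
  if (undo_dnat(&c, 40002, &ip, &port) == 0) printf("40002 <- %u\n", (unsigned)port);
  return 0;
}
```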



