diff -Nrup NoCatSplash-nightly/libexec/iptables/access.fw NoCatSplash-nightly-sls/libexec/iptables/access.fw
--- NoCatSplash-nightly/libexec/iptables/access.fw 2002-12-23 13:55:37.000000000 -0500
+++ NoCatSplash-nightly-sls/libexec/iptables/access.fw 2004-05-27 22:48:40.000000000 -0400
@@ -4,8 +4,7 @@
 # VERY simple access control script for leeenux
 ##
-# Note: your PATH is inherited from the gateway process
-#
+export PATH=/tmp/sbin:/tmp/bin:/bin:/usr/bin:/sbin:/usr/sbin
 action=$1
 mac=$2
diff -Nrup NoCatSplash-nightly/libexec/iptables/clear.fw NoCatSplash-nightly-sls/libexec/iptables/clear.fw
--- NoCatSplash-nightly/libexec/iptables/clear.fw 2002-12-23 13:55:37.000000000 -0500
+++ NoCatSplash-nightly-sls/libexec/iptables/clear.fw 2004-05-27 22:48:40.000000000 -0400
@@ -3,8 +3,7 @@
 # reset.fw: you guessed it.
 ##
-# Note: your PATH is inherited from the gateway process
-#
+export PATH=/tmp/sbin:/tmp/bin:/bin:/usr/bin:/sbin:/usr/sbin
 iptables -F
 iptables -t nat -F
diff -Nrup NoCatSplash-nightly/libexec/iptables/dump.fw NoCatSplash-nightly-sls/libexec/iptables/dump.fw
--- NoCatSplash-nightly/libexec/iptables/dump.fw 2002-12-23 13:55:37.000000000 -0500
+++ NoCatSplash-nightly-sls/libexec/iptables/dump.fw 2004-05-27 22:48:40.000000000 -0400
@@ -3,8 +3,7 @@
 # dump.fw: show the status of all iptables.
 ##
-# Note: your PATH is inherited from the gateway process
-#
+export PATH=/tmp/sbin:/tmp/bin:/bin:/usr/bin:/sbin:/usr/sbin
 echo ">>>>> NAT table: <<<<<"
 echo
diff -Nrup NoCatSplash-nightly/libexec/iptables/initialize.fw NoCatSplash-nightly-sls/libexec/iptables/initialize.fw
--- NoCatSplash-nightly/libexec/iptables/initialize.fw 2002-12-27 05:44:41.000000000 -0500
+++ NoCatSplash-nightly-sls/libexec/iptables/initialize.fw 2004-05-27 22:48:40.000000000 -0400
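Review bot: The new `export PATH=/tmp/sbin:/tmp/bin:...` line in access.fw puts two directories under `/tmp` ahead of the system directories, so every unqualified command these firewall scripts run is resolved there first. The scripts presumably run with root privileges to change netfilter rules; if `/tmp` is writable by anything less trusted than root on the target, a file named `iptables` placed in `/tmp/sbin` would be executed instead of the real binary. If the `/tmp` entries are required by the target platform, list them after the system directories, e.g. `export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tmp/sbin:/tmp/bin`, and add a comment naming the platform that needs them. The same line is added in clear.fw, dump.fw, initialize.fw, reset.fw and throttle.fw.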
@@ -18,26 +18,13 @@
 # 3: Public
 # 4: Free
-# Note: your PATH is inherited from the gateway process
-#
+export PATH=/tmp/sbin:/tmp/bin:/bin:/usr/bin:/sbin:/usr/sbin
 # Enable IP forwarding and rp_filter (to kill IP spoof attempts).
 #
 echo "1" > /proc/sys/net/ipv4/ip_forward
 echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
-# Load alllll the kernel modules we need.
-#
-rmmod ipchains > /dev/null 2>&1 # for RH 7.1 users.
-
-for module in ip_tables ipt_REDIRECT ipt_MASQUERADE ipt_MARK ipt_REJECT \
- ipt_TOS ipt_LOG iptable_mangle iptable_filter iptable_nat ip_nat_ftp \
- ip_conntrack ipt_mac ipt_state ipt_mark; do
-
- modprobe $module
-done
-
-
 # Flush all user-defined chains
 #
 iptables -t filter -N NoCat 2>/dev/null
@@ -150,8 +137,8 @@ fi
 for port in 80 443; do
 for mark in $nonauth; do
 # $redirect -m mark --mark $mark -d windowsupdate.microsoft.com -j DROP
- $redirect -m mark --mark $mark -p tcp --dport $port -j REDIRECT \
- --to-port $GatewayPort
+ $redirect -m mark --mark $mark -p tcp --dport $port -j DNAT \
+ --to-destination $GatewayAddr:$GatewayPort
 done
 done
@@ -229,7 +216,7 @@ $fwd -j DROP
 #
 # chmod +x throttle.fw
 #
-[ -x throttle.fw ] && throttle.fw
+#[ -x throttle.fw ] && throttle.fw
 ##
 # Add any other local firewall rules below.
diff -Nrup NoCatSplash-nightly/libexec/iptables/reset.fw NoCatSplash-nightly-sls/libexec/iptables/reset.fw
--- NoCatSplash-nightly/libexec/iptables/reset.fw 2002-12-23 13:55:37.000000000 -0500
+++ NoCatSplash-nightly-sls/libexec/iptables/reset.fw 2004-05-27 22:48:40.000000000 -0400
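Review bot: With the `modprobe` loop removed from initialize.fw, nothing in this hunk confirms that the nat and mangle tables and the `mac`, `mark` and `state` matches are available before the rules are installed. If one of them is missing on the running kernel, the affected `iptables` call would fail while the script carries on (no exit-status check is visible here), which could leave the gateway with a partial rule set. Consider one early probe such as `iptables -t mangle -L -n >/dev/null 2>&1 || exit 1`, or a comment stating that the target kernel has these built in. The rest of the script lies outside the hunk.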
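Review bot: The new DNAT rule expands `$GatewayAddr` unquoted, and nothing in the hunk checks that it is set. If it were empty the target would become `:$GatewayPort`, and the capture rule for ports 80 and 443 would either fail to install or no longer point at the splash server; the definition of `$GatewayAddr` is outside the hunk, so this is worth confirming. A guard ahead of the loop, `[ -n "$GatewayAddr" ] || { echo "GatewayAddr is not set" >&2; exit 1; }`, makes that failure explicit.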
@@ -5,8 +5,7 @@
 #
 ##
-# Note: your PATH is inherited from the gateway process
-#
+export PATH=/tmp/sbin:/tmp/bin:/bin:/usr/bin:/sbin:/usr/sbin
 # Flush all user-defined chains
 #
diff -Nrup NoCatSplash-nightly/libexec/iptables/throttle.fw NoCatSplash-nightly-sls/libexec/iptables/throttle.fw
--- NoCatSplash-nightly/libexec/iptables/throttle.fw 2002-12-23 13:55:37.000000000 -0500
+++ NoCatSplash-nightly-sls/libexec/iptables/throttle.fw 2004-05-27 22:48:40.000000000 -0400
@@ -8,8 +8,7 @@
 #
 ##
-# Note: your PATH is inherited from the gateway process
-#
+export PATH=/tmp/sbin:/tmp/bin:/bin:/usr/bin:/sbin:/usr/sbin
 TOTAL_DOWN=3mbit
 TOTAL_UP=384kbit
diff -Nrup NoCatSplash-nightly/src/conf.c NoCatSplash-nightly-sls/src/conf.c
--- NoCatSplash-nightly/src/conf.c 2003-01-11 00:19:58.000000000 -0500
+++ NoCatSplash-nightly-sls/src/conf.c 2004-05-27 22:48:40.000000000 -0400
@@ -66,7 +66,9 @@ GHashTable *read_conf_file( const gchar
 nocat_conf = parse_conf_string( file );
 set_conf_defaults( nocat_conf, default_conf );
- g_message( "Read %d config items from %s", g_hash_table_size(nocat_conf), path );
+ if (CONFd("Verbosity") >= 1) {
+ g_message( "Read %d config items from %s", g_hash_table_size(nocat_conf), path );
+ }
 g_free( file );
 return nocat_conf;
 }
diff -Nrup NoCatSplash-nightly/src/firewall.c NoCatSplash-nightly-sls/src/firewall.c
--- NoCatSplash-nightly/src/firewall.c 2003-01-12 02:50:41.000000000 -0500
+++ NoCatSplash-nightly-sls/src/firewall.c 2004-05-27 22:48:40.000000000 -0400
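Review bot: `CONFd("Verbosity")` is now consulted inside `read_conf_file` and at most of the logging call sites this patch touches, but no hunk adds a default for the `Verbosity` key. How `CONFd` treats a missing key is not visible here; if it converts a NULL lookup result, a configuration file without `Verbosity` could crash the daemon at startup, and if it yields 0 all of these messages go silent. Confirm that `default_conf` carries an entry for it, and add a short comment in conf.h documenting the levels used in this patch (1, 2, 4, 5 and 10).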
@@ -33,7 +33,9 @@ static int fw_exec( gchar *action, GHash
 cmd = conf_string( conf, action );
 cmd = parse_template( cmd, data );
- g_warning("Got command %s from action %s", cmd, action );
+ if (CONFd("Verbosity") >= 2) {
+ g_warning("Got command %s from action %s", cmd, action );
+ }
 arg = g_strsplit( cmd, " ", 0 );
 // prime the environment with our existing environment
diff -Nrup NoCatSplash-nightly/src/http.c NoCatSplash-nightly-sls/src/http.c
--- NoCatSplash-nightly/src/http.c 2003-01-16 14:52:17.000000000 -0500
+++ NoCatSplash-nightly-sls/src/http.c 2004-05-27 22:48:40.000000000 -0400
@@ -13,6 +13,7 @@
 # include "util.h"
 # include "http.h"
 # include "mime.h"
+# include "conf.h"
 # ifndef BUF_SIZ
 # define BUF_SIZ 16384
 # endif
@@ -159,7 +160,9 @@ GHashTable *http_parse_header (http_requ
 /* Strip ": " plus leading and trailing space from val */
 g_strchomp( val += 2 ); // ": "
- g_message("Header in: %s=%s", key, val );
+ if (CONFd("Verbosity") >= 2) {
+ g_message("Header in: %s=%s", key, val );
+ }
 g_hash_set( head, key, val );
 }
 }
@@ -196,10 +199,28 @@ GHashTable *http_parse_query (http_reque
 guint http_request_read (http_request *h) {
 gchar *buf = g_new( gchar, BUF_SIZ + 1 );
 GIOError r;
- guint n, t;
+ guint n, t, marker = 5;
+ struct timeval tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 250000;
 // g_message("entering http_request_read");
- for (t = 0, n = BUF_SIZ; n == BUF_SIZ &&
+
+ // for (t = 0, n = BUF_SIZ; n == BUF_SIZ &&
+ // h->buffer->len < MAX_REQUEST_SIZE; t += n ) {
+ // BPsmythe: The above (original) loop will never execute
+ // more than once unless the size of the buffer read in (n)
+ // is equal to the constant BUF_SIZE. What is desired is
+ // to keep looping until there is nothing left to read.
+ // Without using the newer g_io_channel_read_char, and/or
+ // some more research, the for statement was changed to look
+ // for the end of the headers.
+ //
+ // TODO: There should also be something that will time out and
+ // kill this thread if it hangs on the read
+ //
+ for (t = 0, n = BUF_SIZ; marker > 0 &&
 h->buffer->len < MAX_REQUEST_SIZE; t += n ) {
 // g_message("entering read loop");
 r = g_io_channel_read( h->sock, buf, BUF_SIZ, &n );
@@ -211,6 +232,15 @@ guint http_request_read (http_request *h
 }
 buf[n] = '\0';
 g_string_append(h->buffer, buf);
+
+ // BPsmythe: Check for the end of the headers.
+ if ((strstr( h->buffer->str, "\r\n\r\n" )) != NULL) {
+ marker = 0;
+ } else {
+ marker--;
+ // g_message("http_request_read: No header yet, keep going %d more tries", marker);
+ select (0, NULL, NULL, NULL, &tv);
+ }
 }
 g_free(buf);
 return t;
@@ -231,7 +261,9 @@ gboolean http_request_ok (http_request *
 http_parse_query( h, NULL );
 if (h->query) {
 z = g_hash_as_string( h->query );
- g_message( "Query: %s", z->str );
+ if (CONFd("Verbosity") >= 2) {
+ g_message( "Query: %s", z->str );
+ }
 g_string_free(z, 1);
 }
 h->complete++;
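Review bot: The rewritten loop in `http_request_read` gives up after at most five reads (`marker = 5`), so a request whose headers arrive in more than five segments is passed on incomplete, while a peer that connects and sends nothing still parks the worker inside `g_io_channel_read`, which is the case the added TODO describes. If the thread pool is small, a few idle connections could be enough to stall the splash page for other clients. Waiting for readability on the socket with a bounded `select()` before each read, rather than sleeping after it, would cover both cases. At minimum, give the retry count a named constant with a comment explaining why it is five.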
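Review bot: `tv` is filled in once before the loop, but `select()` may modify its timeout argument (on Linux it is updated to the time remaining), so after the first wait the later `select (0, NULL, NULL, NULL, &tv)` calls would return immediately and the retries collapse into a tight loop. Re-arm it in the `else` branch immediately before the call: `tv.tv_sec = 0; tv.tv_usec = 250000;`. The `strstr` check also rescans all of `h->buffer->str` on every pass and stops at the first NUL byte, which is tolerable at this buffer size but worth a comment. The hunk does not show includes for `select`, `struct timeval` or `strstr`; confirm that `<sys/time.h>` and `<string.h>` are already pulled in.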
@@ -333,7 +365,9 @@ GIOError http_send_header ( http_request
 g_string_sprintfa( hdr, "HTTP/1.1 %d %s\r\n", status, msg );
 g_hash_table_foreach( h->response, (GHFunc) http_compose_header, hdr );
 g_string_append( hdr, "\r\n" );
- g_message("Header out: %s", hdr->str);
+ if (CONFd("Verbosity") >= 2) {
+ g_message("Header out: %s", hdr->str);
+ }
 r = g_io_channel_write( h->sock, hdr->str, hdr->len, &n );
 g_string_free( hdr, 1 );
 return r;
@@ -370,6 +404,9 @@ int http_serve_file ( http_request *h, c
 path = http_fix_path( h->uri, docroot );
 fd = http_open_file( path, &status );
+ http_add_header( h, "Expires","0");
+ http_add_header( h, "Pragma","no-cache");
+ http_add_header( h, "Cache-Control","no-cache, must-revalidate");
 http_add_header( h, "Content-Type", http_mime_type( path ) );
 http_send_header( h, status, fd == -1 ? "Not OK" : "OK" );
diff -Nrup NoCatSplash-nightly/src/open.c NoCatSplash-nightly-sls/src/open.c
--- NoCatSplash-nightly/src/open.c 2003-02-27 20:53:50.000000000 -0500
+++ NoCatSplash-nightly-sls/src/open.c 2004-05-27 22:48:40.000000000 -0400
@@ -75,7 +75,12 @@ void handle_request( http_request *h ) {
 if (hostname == NULL || strcmp( hostname, sockname ) != 0) {
 capture_peer(h);
 } else if (strcmp( h->uri, "/" ) == 0) {
- if ( QUERY("mode_login") != NULL || QUERY("mode_login.x") != NULL ) {
+ // BPsmythe: Force the addition of a check box. Make a user click an "I
+ // agree to the terms and conditions" checkbox and click a login button.
+ // Seems strcmp core dumps if one of the args is NULL.
+ if ( ( QUERY("accept_terms") != NULL ) &&
+ ( QUERY("mode_login") != NULL || QUERY("mode_login.x") != NULL ) &&
+ ( strncmp(QUERY("accept_terms"),"yes",3) == 0) ) {
 accept_peer(h);
 } else if ( QUERY("redirect") != NULL ) {
 splash_peer(h);
diff -Nrup NoCatSplash-nightly/src/splashd.c NoCatSplash-nightly-sls/src/splashd.c
--- NoCatSplash-nightly/src/splashd.c 2003-02-22 22:09:46.000000000 -0500
+++ NoCatSplash-nightly-sls/src/splashd.c 2004-05-27 22:48:40.000000000 -0400
@@ -39,7 +39,9 @@ void accept_peer ( http_request *h ) {
 G_LOCK(peer_tab);
 p = find_peer( h->peer_ip );
- g_message( "Accepting peer %s", p->ip );
+ if (CONFd("Verbosity") >= 1) {
+ g_message( "Accepting peer %s", p->ip );
+ }
 peer_permit( nocat_conf, p );
 G_UNLOCK(peer_tab);
@@ -49,13 +51,19 @@ void accept_peer ( http_request *h ) {
 }
 void remove_peer ( peer *p ) {
- g_message( "Removing peer %s", p->ip );
+ if (CONFd("Verbosity") >= 1) {
+ g_message( "Removing peer %s", p->ip );
+ }
 peer_deny( nocat_conf, p );
 }
 gboolean check_peer_expire ( gchar *ip, peer *p, time_t *now ) {
- g_message( "Checking peer %s for expire: %lu sec. remain",
- ip, p->expire - *now );
+ /* BPsmythe: Let's make use of the verbosity flag */
+ if (CONFd("Verbosity") >= 5) {
+ g_message( "Checking peer %s for expire: %lu sec. remain",
+ ip, p->expire - *now );
+ }
+
 if (p->expire <= *now) {
 remove_peer( p );
 return TRUE;
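Review bot: `strncmp(QUERY("accept_terms"),"yes",3) == 0` compares only the first three bytes, so any value that begins with `yes` is treated as consent. Because the NULL case is already excluded by the first clause of the condition, an exact comparison is safe here: `( strcmp(QUERY("accept_terms"), "yes") == 0 )`. Holding the lookup result in a local variable would also avoid evaluating `QUERY("accept_terms")` twice and make the NULL-before-compare order obvious to the next reader. `handle_request` continues beyond the hunk.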
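Review bot: `Accepting peer` in `accept_peer` and `Removing peer` in the following hunk are the daemon's record of which client address was granted or lost network access, and after this change both disappear whenever `Verbosity` is below 1. For a captive portal that record is what an operator relies on when tracing a complaint back to a session, so consider leaving these two `g_message` calls unconditional. If they must stay gated, add a comment next to them stating that the shipped default keeps `Verbosity` at 1 or higher; the default is not visible in this diff.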
@@ -66,7 +74,10 @@ gboolean check_peer_expire ( gchar *ip,
 void check_peers( void *dummy ) {
 time_t now = time(NULL);
- g_message("Checking peers for expiration");
+ /* BPsmythe: Let's make use of the verbosity flag */
+ if (CONFd("Verbosity") >= 5) {
+ g_message("Checking peers for expiration");
+ }
 G_LOCK(peer_tab);
 g_hash_table_foreach_remove( peer_tab, (GHRFunc)check_peer_expire, &now );
 G_UNLOCK(peer_tab);
@@ -87,16 +98,29 @@ gboolean run_peer_check( tpool_t pool )
 /************* Connection handlers ************/
 void handle_read( http_request *h ) {
- g_message( "thread entering handle_read" );
+ /* BPsmythe: Let's make use of the verbosity flag */
+ if (CONFd("Verbosity") >= 4) {
+ g_message( "thread entering handle_read" );
+ }
 http_request_read( h );
- if (http_request_ok(h))
+ if (http_request_ok(h)) {
 handle_request(h);
+ } else {
+ // BPsmythe: this happen enough with certain issues it is nice
+ // to have an indication that this is where things bombed out.
+ if (CONFd("Verbosity") >= 1) {
+ g_warning( "handle_read: http_request_ok returned error" );
+ }
+ }
+
 g_io_channel_close( h->sock );
 g_io_channel_unref( h->sock );
 http_request_free( h );
- g_message( "thread exiting handle_read" );
+ if (CONFd("Verbosity") >= 4) {
+ g_message( "thread exiting handle_read" );
+ }
 }
 gboolean handle_accept( GIOChannel *sock, GIOCondition cond, tpool_t pool ) {
@@ -146,8 +170,11 @@ int main (int argc, char **argv) {
 signal(SIGINT, handle_sigint);
 /* read nocat.conf */
- read_conf_file( NC_CONF_PATH "/nocat.conf" );
-
+ if (argc > 1) {
+ read_conf_file( argv[1] );
+ } else {
+ read_conf_file( NC_CONF_PATH "/nocat.conf" );
+ }
 /* initialize the firewall */
 fw_init( nocat_conf );
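Review bot: The return value of `read_conf_file( argv[1] )` in `main` is discarded and `fw_init( nocat_conf )` runs straight after, so a mistyped or unreadable path on the command line is not reported at this call site. What `read_conf_file` does on a failed read is outside the hunk; if it can return NULL or leave `nocat_conf` unset, the firewall would be initialised from an empty configuration. Checking the result, e.g. `if (read_conf_file( argv[1] ) == NULL) g_error( "cannot read %s", argv[1] );`, and describing the optional argument in a usage comment would close that gap.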
@@ -169,8 +196,12 @@ int main (int argc, char **argv) {
 g_timeout_add( 1000, (GSourceFunc) check_sigint, loop );
 /* Go! */
- g_message("starting main loop");
+ if (CONFd("Verbosity") >= 1) {
+ g_message("starting main loop");
+ }
 g_main_run( loop );
- g_message("exiting main loop");
+ if (CONFd("Verbosity") >= 1) {
+ g_message("exiting main loop");
+ }
 return 0;
 }
diff -Nrup NoCatSplash-nightly/src/tpool.c NoCatSplash-nightly-sls/src/tpool.c
--- NoCatSplash-nightly/src/tpool.c 2003-05-20 03:13:42.000000000 -0400
+++ NoCatSplash-nightly-sls/src/tpool.c 2004-05-27 22:48:40.000000000 -0400
@@ -26,6 +26,7 @@
 #include
 #include "tpool.h"
 #include "util.h"
+#include "conf.h"
 void *tpool_thread(void *);
@@ -120,12 +121,18 @@ int tpool_add_work(
 workp->arg = arg;
 workp->next = NULL;
- g_debug("adder: adding an item %p", workp->routine);
+ /* BPsmythe: I hate these messages. how can it be a debug if it is always on? */
+ if (CONFd("Verbosity") >= 10) {
+ g_debug("adder: adding an item %p", workp->routine);
+ }
 if (tpool->cur_queue_size == 0) {
 tpool->queue_tail = tpool->queue_head = workp;
- g_debug("adder: queue == 0, waking all workers");
+ /* BPsmythe: I hate these messages. how can it be a debug if it is always on? */
+ if (CONFd("Verbosity") >= 10) {
+ g_debug("adder: queue == 0, waking all workers");
+ }
 if ((rtn = pthread_cond_broadcast(&(tpool->queue_not_empty))) != 0)
 g_error("pthread_cond_signal %d",rtn);;
@@ -238,8 +245,11 @@ void *tpool_thread(void *arg)
 else
 tpool->queue_head = my_workp->next;
- g_debug("worker %d: dequeuing item %p",
- (int)pthread_self(), my_workp->routine);
+ /* BPsmythe: I hate these messages. how can it be a debug if it is always on? */
+ if (CONFd("Verbosity") >= 10) {
+ g_debug("worker %d: dequeuing item %p",
+ (int)pthread_self(), my_workp->routine);
+ }
 /* Handle waiting add_work threads */
 if ((!tpool->do_not_block_when_full) &&
diff -Nrup NoCatSplash-nightly/src/util.h NoCatSplash-nightly-sls/src/util.h
--- NoCatSplash-nightly/src/util.h 2003-07-30 18:05:50.000000000 -0400
+++ NoCatSplash-nightly-sls/src/util.h 2004-05-27 22:48:40.000000000 -0400
@@ -1,7 +1,7 @@
 # include
 # ifndef g_debug
-# define g_debug(format...) g_log (G_LOG_DOMAIN, \
+# define g_debug(format...) if (getenv("DEBUG") != NULL) g_log (G_LOG_DOMAIN, \
 G_LOG_LEVEL_DEBUG, \
 format)
 # endif
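Review bot: The new `g_debug` in util.h expands to a bare `if (...) g_log(...)`, so a call used as the body of an outer `if` that has an `else` would capture that `else`, and the macro no longer behaves as a single statement. Wrap it: `# define g_debug(format...) do { if (getenv("DEBUG") != NULL) g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, format); } while (0)`. The tpool.c call sites are now gated twice, by `Verbosity >= 10` and by the `DEBUG` environment variable, which deserves a comment beside the macro. `getenv` also needs `<stdlib.h>`, and this hunk does not show it being included.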