From 90ffc61e7f73796d8bc42ef807a4bb273851643b Mon Sep 17 00:00:00 2001 From: Lance Albertson Date: Thu, 26 May 2011 18:55:27 +0000 Subject: Version bump (Portage version: 2.1.9.42/cvs/Linux x86_64) --- .../files/stunnel-4.29-x-forwarded-for.patch | 248 -------------------- .../stunnel/files/stunnel-4.36-listen-queue.diff | 51 +++++ .../stunnel/files/stunnel-4.36-xforwarded-for.diff | 249 +++++++++++++++++++++ 3 files changed, 300 insertions(+), 248 deletions(-) delete mode 100644 net-misc/stunnel/files/stunnel-4.29-x-forwarded-for.patch create mode 100644 net-misc/stunnel/files/stunnel-4.36-listen-queue.diff create mode 100644 net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff (limited to 'net-misc/stunnel/files') diff --git a/net-misc/stunnel/files/stunnel-4.29-x-forwarded-for.patch b/net-misc/stunnel/files/stunnel-4.29-x-forwarded-for.patch deleted file mode 100644 index 40ff2f9dc094..000000000000 --- a/net-misc/stunnel/files/stunnel-4.29-x-forwarded-for.patch +++ /dev/null @@ -1,248 +0,0 @@ -/* Patch rediffed against 4.29 by Stefan Behte */ -diff -ur stunnel-4.29-r1/doc/stunnel.8 stunnel-4.29/doc/stunnel.8 ---- stunnel-4.29-r1/doc/stunnel.8 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/doc/stunnel.8 2010-02-23 15:37:54.000000000 +0100 -@@ -497,6 +497,10 @@ - .IP "\fBtransparent\fR = yes | no (Unix only)" 4 - .IX Item "transparent = yes | no (Unix only)" - transparent proxy mode -+.IP "\fBxforwardedfor\fR = yes | no" 4 -+.IX Item "xforwardedfor = yes | no" -+append an 'X-Forwarded-For:' HTTP request header providing the -+client's IP address to the server. - .Sp - Re-write address to appear as if wrapped daemon is connecting - from the \s-1SSL\s0 client machine instead of the machine running \fBstunnel\fR. -diff -ur stunnel-4.29-r1/doc/stunnel.fr.8 stunnel-4.29/doc/stunnel.fr.8 ---- stunnel-4.29-r1/doc/stunnel.fr.8 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/doc/stunnel.fr.8 2010-02-23 15:37:54.000000000 +0100 -@@ -445,6 +445,10 @@ - Négocie avec \s-1SSL\s0 selon le protocole indiqué - .Sp - Actuellement gérés\ : cifs, nntp, pop3, smtp -+.IP "\fBxforwardedfor\fR = yes | no" 4 -+.IX Item "xforwardedfor = yes | no" -+Ajoute un en-t�te 'X-Forwarded-For:' dans la requ�te HTTP fournissant -+au serveur l'adresse IP du client. - .IP "\fBpty\fR = yes | no (Unix seulement)" 4 - .IX Item "pty = yes | no (Unix seulement)" - Alloue un pseudo-terminal pour l'option «\ exec\ » -diff -ur stunnel-4.29-r1/src/client.c stunnel-4.29/src/client.c ---- stunnel-4.29-r1/src/client.c 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/client.c 2010-02-23 15:37:54.000000000 +0100 -@@ -90,6 +90,12 @@ - return NULL; - } - c->opt=opt; -+ /* some options need space to add some information */ -+ if (c->opt->option.xforwardedfor) -+ c->buffsize = BUFFSIZE - BUFF_RESERVED; -+ else -+ c->buffsize = BUFFSIZE; -+ c->crlf_seen=0; - c->local_rfd.fd=rfd; - c->local_wfd.fd=wfd; - return c; -@@ -381,6 +387,28 @@ - print_cipher(c); - } - } -+ -+/* Moves all data from the buffer between positions and -+ * to insert of length . and are updated to their -+ * new respective values, and the number of characters inserted is returned. -+ * If is too long, nothing is done and -1 is returned. -+ * Note that neither nor can be NULL. -+ */ -+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) { -+ if (len > limit - *stop) -+ return -1; -+ if (*start > *stop) -+ return -1; -+ memmove(buffer + *start + len, buffer + *start, *stop - *start); -+ memcpy(buffer + *start, string, len); -+ *start += len; -+ *stop += len; -+ return len; -+} -+ -+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { -+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); -+} - - /****************************** some defines for transfer() */ - /* is socket/SSL open for read/write? */ -@@ -416,13 +444,13 @@ - check_SSL_pending=0; - - SSL_read_wants_read= -- ssl_rd && c->ssl_ptrssl_ptrbuffsize && !SSL_read_wants_write; - SSL_write_wants_write= - ssl_wr && c->sock_ptr && !SSL_write_wants_read; - - /****************************** setup c->fds structure */ - s_poll_init(&c->fds); /* initialize the structure */ -- if(sock_rd && c->sock_ptrsock_ptrbuffsize) - s_poll_add(&c->fds, c->sock_rfd->fd, 1, 0); - if(SSL_read_wants_read || - SSL_write_wants_read || -@@ -521,7 +549,7 @@ - break; - default: - memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num); -- if(c->ssl_ptr==BUFFSIZE) /* buffer was previously full */ -+ if(c->ssl_ptr>=c->buffsize) /* buffer was previously full */ - check_SSL_pending=1; /* check for data buffered by SSL */ - c->ssl_ptr-=num; - c->sock_bytes+=num; -@@ -581,7 +609,7 @@ - /****************************** read from socket */ - if(sock_rd && sock_can_rd) { - num=readsocket(c->sock_rfd->fd, -- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); -+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); - switch(num) { - case -1: - parse_socket_error(c, "readsocket"); -@@ -601,10 +629,71 @@ - (SSL_read_wants_write && ssl_can_wr) || - (check_SSL_pending && SSL_pending(c->ssl))) { - SSL_read_wants_write=0; -- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); -+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); - switch(err=SSL_get_error(c->ssl, num)) { - case SSL_ERROR_NONE: -- c->ssl_ptr+=num; -+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */ -+ int last = c->ssl_ptr; -+ c->ssl_ptr += num; -+ -+ /* Look for end of HTTP headers between last and ssl_ptr. -+ * To achieve this reliably, we have to count the number of -+ * successive [CR]LF and to memorize it in case it's spread -+ * over multiple segments. --WT. -+ */ -+ while (last < c->ssl_ptr) { -+ if (c->ssl_buff[last] == '\n') { -+ if (++c->crlf_seen == 2) -+ break; -+ } else if (last < c->ssl_ptr - 1 && -+ c->ssl_buff[last] == '\r' && -+ c->ssl_buff[last+1] == '\n') { -+ if (++c->crlf_seen == 2) -+ break; -+ last++; -+ } else if (c->ssl_buff[last] != '\r') -+ /* don't refuse '\r' because we may get a '\n' on next read */ -+ c->crlf_seen = 0; -+ last++; -+ } -+ if (c->crlf_seen >= 2) { -+ /* We have all the HTTP headers now. We don't need to -+ * reserve any space anymore. points to the -+ * first byte of unread data, and points to the -+ * exact location where we want to insert our headers, -+ * which is right before the empty line. -+ */ -+ c->buffsize = BUFFSIZE; -+ -+ if (c->opt->option.xforwardedfor) { -+ /* X-Forwarded-For: xxxx \r\n\0 */ -+ char xforw[17 + IPLEN + 3]; -+ -+ /* We will insert our X-Forwarded-For: header here. -+ * We need to write the IP address, but if we use -+ * sprintf, it will pad with the terminating 0. -+ * So we will pass via a temporary buffer allocated -+ * on the stack. -+ */ -+ memcpy(xforw, "X-Forwarded-For: ", 17); -+ if (getnameinfo(&c->peer_addr.addr[0].sa, -+ addr_len(c->peer_addr.addr[0]), -+ xforw + 17, IPLEN, NULL, 0, -+ NI_NUMERICHOST) == 0) { -+ strcat(xforw + 17, "\r\n"); -+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, -+ c->buffsize, xforw); -+ } -+ /* last still points to the \r\n and ssl_ptr to the -+ * end of the buffer, so we may add as many headers -+ * as wee need to. -+ */ -+ } -+ } -+ } -+ else -+ c->ssl_ptr+=num; -+ - watchdog=0; /* reset watchdog */ - break; - case SSL_ERROR_WANT_WRITE: -diff -ur stunnel-4.29-r1/src/common.h stunnel-4.29/src/common.h ---- stunnel-4.29-r1/src/common.h 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/common.h 2010-02-23 15:37:54.000000000 +0100 -@@ -53,6 +53,9 @@ - /* I/O buffer size */ - #define BUFFSIZE 16384 - -+/* maximum space reserved for header insertion in BUFFSIZE */ -+#define BUFF_RESERVED 1024 -+ - /* Length of strings (including the terminating '\0' character) */ - /* It can't be lower than 256 bytes or NTLM authentication will break */ - #define STRLEN 256 -diff -ur stunnel-4.29-r1/src/options.c stunnel-4.29/src/options.c ---- stunnel-4.29-r1/src/options.c 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/options.c 2010-02-23 15:37:54.000000000 +0100 -@@ -781,6 +781,29 @@ - } - #endif - -+ /* xforwardedfor */ -+ switch(cmd) { -+ case CMD_INIT: -+ section->option.xforwardedfor=0; -+ break; -+ case CMD_EXEC: -+ if(strcasecmp(opt, "xforwardedfor")) -+ break; -+ if(!strcasecmp(arg, "yes")) -+ section->option.xforwardedfor=1; -+ else if(!strcasecmp(arg, "no")) -+ section->option.xforwardedfor=0; -+ else -+ return "argument should be either 'yes' or 'no'"; -+ return NULL; /* OK */ -+ case CMD_DEFAULT: -+ break; -+ case CMD_HELP: -+ s_log(LOG_RAW, "%-15s = yes|no append an HTTP X-Forwarded-For header", -+ "xforwardedfor"); -+ break; -+ } -+ - /* exec */ - #ifndef USE_WIN32 - switch(cmd) { -diff -ur stunnel-4.29-r1/src/prototypes.h stunnel-4.29/src/prototypes.h ---- stunnel-4.29-r1/src/prototypes.h 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/prototypes.h 2010-02-23 15:37:54.000000000 +0100 -@@ -227,6 +227,7 @@ - unsigned int cert:1; - unsigned int client:1; - unsigned int delayed_lookup:1; -+ unsigned int xforwardedfor:1; - unsigned int accept:1; - unsigned int remote:1; - unsigned int retry:1; /* loop remote+program */ -@@ -334,6 +335,8 @@ - FD *ssl_rfd, *ssl_wfd; /* Read and write SSL descriptors */ - int sock_bytes, ssl_bytes; /* Bytes written to socket and ssl */ - s_poll_set fds; /* File descriptors */ -+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */ -+ int crlf_seen; /* the number of successive CRLF seen */ - } CLI; - - extern int max_clients; diff --git a/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff new file mode 100644 index 000000000000..ff231255ff3d --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff @@ -0,0 +1,51 @@ +diff -urN stunnel-4.36/src/options.c stunnel-4.36-new/src/options.c +--- stunnel-4.36/src/options.c 2011-04-30 15:14:02.000000000 -0700 ++++ stunnel-4.36-new/src/options.c 2011-05-26 11:42:10.455120934 -0700 +@@ -1484,6 +1484,24 @@ + break; + } + ++ /* listenqueue */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->listenqueue=SOMAXCONN; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "listenqueue")) ++ break; ++ section->listenqueue=atoi(arg); ++ return (section->listenqueue?NULL:"Bad verify level"); ++ case CMD_DEFAULT: ++ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN); ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue"); ++ break; ++ } ++ + if(cmd==CMD_EXEC) + return option_not_found; + return NULL; /* OK */ +diff -urN stunnel-4.36/src/prototypes.h stunnel-4.36-new/src/prototypes.h +--- stunnel-4.36/src/prototypes.h 2011-05-01 11:18:01.000000000 -0700 ++++ stunnel-4.36-new/src/prototypes.h 2011-05-26 11:42:33.285154425 -0700 +@@ -158,6 +158,7 @@ + int timeout_close; /* maximum close_notify time */ + int timeout_connect; /* maximum connect() time */ + int timeout_idle; /* maximum idle connection time */ ++ int listenqueue; /* Listen baklog */ + enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ + + /* protocol name for protocol.c */ +diff -urN stunnel-4.36/src/stunnel.c stunnel-4.36-new/src/stunnel.c +--- stunnel-4.36/src/stunnel.c 2011-05-02 14:51:02.000000000 -0700 ++++ stunnel-4.36-new/src/stunnel.c 2011-05-26 11:46:37.775513010 -0700 +@@ -241,7 +241,7 @@ + } + s_log(LOG_DEBUG, "Service %s bound to %s", + opt->servname, opt->local_address); +- if(listen(opt->fd, SOMAXCONN)) { ++ if(listen(opt->fd, opt->listenqueue)) { + sockerror("listen"); + return 0; + } diff --git a/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff new file mode 100644 index 000000000000..3520ad19dfae --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff @@ -0,0 +1,249 @@ +diff -urN stunnel-4.36/doc/stunnel.8 stunnel-4.36-new//doc/stunnel.8 +--- stunnel-4.36/doc/stunnel.8 2011-04-27 14:02:40.000000000 -0700 ++++ stunnel-4.36-new//doc/stunnel.8 2011-05-26 11:37:07.024675893 -0700 +@@ -556,6 +556,10 @@ + .IP "\fBTIMEOUTidle\fR = seconds" 4 + .IX Item "TIMEOUTidle = seconds" + time to keep an idle connection ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++append an 'X-Forwarded-For:' HTTP request header providing the ++client's IP address to the server. + .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 + .IX Item "transparent = none | source | destination | both (Unix only)" + enable transparent proxy support on selected platforms +diff -urN stunnel-4.36/doc/stunnel.fr.8 stunnel-4.36-new//doc/stunnel.fr.8 +--- stunnel-4.36/doc/stunnel.fr.8 2011-02-09 11:37:46.000000000 -0800 ++++ stunnel-4.36-new//doc/stunnel.fr.8 2011-05-26 11:37:07.024675893 -0700 +@@ -394,6 +394,10 @@ + .IP "\fBTIMEOUTidle\fR = secondes" 4 + .IX Item "TIMEOUTidle = secondes" + Durée d'attente sur une connexion inactive ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant ++au serveur l'adresse IP du client. + .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 + .IX Item "transparent = yes | no (Unix seulement)" + Mode mandataire transparent +diff -urN stunnel-4.36/src/client.c stunnel-4.36-new//src/client.c +--- stunnel-4.36/src/client.c 2011-05-02 09:12:53.000000000 -0700 ++++ stunnel-4.36-new//src/client.c 2011-05-26 11:37:07.024675893 -0700 +@@ -86,6 +86,12 @@ + return NULL; + } + c->opt=opt; ++ /* some options need space to add some information */ ++ if (c->opt->option.xforwardedfor) ++ c->buffsize = BUFFSIZE - BUFF_RESERVED; ++ else ++ c->buffsize = BUFFSIZE; ++ c->crlf_seen=0; + c->local_rfd.fd=rfd; + c->local_wfd.fd=wfd; + return c; +@@ -381,6 +387,28 @@ + } + } + ++/* Moves all data from the buffer between positions and ++ * to insert of length . and are updated to their ++ * new respective values, and the number of characters inserted is returned. ++ * If is too long, nothing is done and -1 is returned. ++ * Note that neither nor can be NULL. ++ */ ++static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) { ++ if (len > limit - *stop) ++ return -1; ++ if (*start > *stop) ++ return -1; ++ memmove(buffer + *start + len, buffer + *start, *stop - *start); ++ memcpy(buffer + *start, string, len); ++ *start += len; ++ *stop += len; ++ return len; ++} ++ ++static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { ++ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); ++} ++ + /****************************** transfer data */ + static void transfer(CLI *c) { + int watchdog=0; /* a counter to detect an infinite loop */ +@@ -399,7 +427,7 @@ + do { /* main loop of client data transfer */ + /****************************** initialize *_wants_* */ + read_wants_read= +- ssl_open_rd && c->ssl_ptrssl_ptrbuffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -408,7 +436,7 @@ + /* for plain socket open data strem = open file descriptor */ + /* make sure to add each open socket to receive exceptions! */ + if(sock_open_rd) +- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptrfds, c->sock_rfd->fd, c->sock_ptrbuffsize, 0); + if(sock_open_wr) + s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr); + /* for SSL assume that sockets are open if there any pending requests */ +@@ -542,7 +570,7 @@ + /****************************** read from socket */ + if(sock_open_rd && sock_can_rd) { + num=readsocket(c->sock_rfd->fd, +- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); ++ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); + switch(num) { + case -1: + parse_socket_error(c, "readsocket"); +@@ -578,7 +606,7 @@ + /****************************** update *_wants_* based on new *_ptr */ + /* this update is also required for SSL_pending() to be used */ + read_wants_read= +- ssl_open_rd && c->ssl_ptrssl_ptrbuffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -588,10 +616,71 @@ + * writesocket() above made some room in c->ssl_buff */ + (read_wants_write && ssl_can_wr)) { + read_wants_write=0; +- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); ++ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); + switch(err=SSL_get_error(c->ssl, num)) { + case SSL_ERROR_NONE: +- c->ssl_ptr+=num; ++ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */ ++ int last = c->ssl_ptr; ++ c->ssl_ptr += num; ++ ++ /* Look for end of HTTP headers between last and ssl_ptr. ++ * To achieve this reliably, we have to count the number of ++ * successive [CR]LF and to memorize it in case it's spread ++ * over multiple segments. --WT. ++ */ ++ while (last < c->ssl_ptr) { ++ if (c->ssl_buff[last] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ } else if (last < c->ssl_ptr - 1 && ++ c->ssl_buff[last] == '\r' && ++ c->ssl_buff[last+1] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ last++; ++ } else if (c->ssl_buff[last] != '\r') ++ /* don't refuse '\r' because we may get a '\n' on next read */ ++ c->crlf_seen = 0; ++ last++; ++ } ++ if (c->crlf_seen >= 2) { ++ /* We have all the HTTP headers now. We don't need to ++ * reserve any space anymore. points to the ++ * first byte of unread data, and points to the ++ * exact location where we want to insert our headers, ++ * which is right before the empty line. ++ */ ++ c->buffsize = BUFFSIZE; ++ ++ if (c->opt->option.xforwardedfor) { ++ /* X-Forwarded-For: xxxx \r\n\0 */ ++ char xforw[17 + IPLEN + 3]; ++ ++ /* We will insert our X-Forwarded-For: header here. ++ * We need to write the IP address, but if we use ++ * sprintf, it will pad with the terminating 0. ++ * So we will pass via a temporary buffer allocated ++ * on the stack. ++ */ ++ memcpy(xforw, "X-Forwarded-For: ", 17); ++ if (getnameinfo(&c->peer_addr.addr[0].sa, ++ addr_len(c->peer_addr.addr[0]), ++ xforw + 17, IPLEN, NULL, 0, ++ NI_NUMERICHOST) == 0) { ++ strcat(xforw + 17, "\r\n"); ++ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, ++ c->buffsize, xforw); ++ } ++ /* last still points to the \r\n and ssl_ptr to the ++ * end of the buffer, so we may add as many headers ++ * as wee need to. ++ */ ++ } ++ } ++ } ++ else ++ c->ssl_ptr+=num; ++ + watchdog=0; /* reset watchdog */ + break; + case SSL_ERROR_WANT_WRITE: +diff -urN stunnel-4.36/src/common.h stunnel-4.36-new//src/common.h +--- stunnel-4.36/src/common.h 2011-05-01 11:42:47.000000000 -0700 ++++ stunnel-4.36-new//src/common.h 2011-05-26 11:37:50.534739709 -0700 +@@ -52,6 +52,9 @@ + /* I/O buffer size */ + #define BUFFSIZE 16384 + ++/* maximum space reserved for header insertion in BUFFSIZE */ ++#define BUFF_RESERVED 1024 ++ + /* IP address and TCP port textual representation length */ + #define IPLEN 128 + +diff -urN stunnel-4.36/src/options.c stunnel-4.36-new//src/options.c +--- stunnel-4.36/src/options.c 2011-04-30 15:14:02.000000000 -0700 ++++ stunnel-4.36-new//src/options.c 2011-05-26 11:37:07.034675915 -0700 +@@ -818,6 +818,29 @@ + } + #endif + ++ /* xforwardedfor */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->option.xforwardedfor=0; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "xforwardedfor")) ++ break; ++ if(!strcasecmp(arg, "yes")) ++ section->option.xforwardedfor=1; ++ else if(!strcasecmp(arg, "no")) ++ section->option.xforwardedfor=0; ++ else ++ return "argument should be either 'yes' or 'no'"; ++ return NULL; /* OK */ ++ case CMD_DEFAULT: ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header", ++ "xforwardedfor"); ++ break; ++ } ++ + /* exec */ + switch(cmd) { + case CMD_INIT: +diff -urN stunnel-4.36/src/prototypes.h stunnel-4.36-new//src/prototypes.h +--- stunnel-4.36/src/prototypes.h 2011-05-01 11:18:01.000000000 -0700 ++++ stunnel-4.36-new//src/prototypes.h 2011-05-26 11:37:07.034675915 -0700 +@@ -171,6 +171,7 @@ + struct { + unsigned int client:1; + unsigned int delayed_lookup:1; ++ unsigned int xforwardedfor:1; + unsigned int accept:1; + unsigned int remote:1; + unsigned int retry:1; /* loop remote+program */ +@@ -351,6 +352,8 @@ + FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ + int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */ + s_poll_set fds; /* file descriptors */ ++ int buffsize; /* current buffer size, may be lower than BUFFSIZE */ ++ int crlf_seen; /* the number of successive CRLF seen */ + } CLI; + + CLI *alloc_client_session(SERVICE_OPTIONS *, int, int); -- cgit v1.2.3-65-gdbad