Improve and clean up code and documentation

3 years ago · 017f0f8631
parent 4602d0109b
commit 017f0f8631
8 changed files with 40 additions and 62 deletions
--- a/README.md
+++ b/README.md
@ -353,7 +353,7 @@ The second rule passes through HTTPS connections from the user soner who has
 logged in with the description android to SSL sites with the Common Names 
 containing the substring .fbcdn.net anywhere in it (notice the asterisk at the 
 end). Since connection contents cannot be written to log files in passthrough 
-mode, the rule does not specify any log action.
+mode, the rule does not specify any content log action.

 The default filter action is Divert. So, if those are the only filtering rules 
 in that proxyspec, the other connections are diverted to the listening program 
--- a/src/aho_corasick_template.h
+++ b/src/aho_corasick_template.h
@ -17,6 +17,10 @@
 *  along with this file.  If not, see <http://www.gnu.org/licenses/>.
 */

+/*
+ * 2021-10-06: The developer has been contacted for a license change to the LGPL.
+ */
+
 #ifndef __ACM_TEMPLATE__

 #  define __ACM_TEMPLATE__
--- a/src/aho_corasick_template_impl.h
+++ b/src/aho_corasick_template_impl.h
@ -16,6 +16,10 @@
 *  along with this file.  If not, see <http://www.gnu.org/licenses/>.
 */

+/*
+ * 2021-10-06: The developer has been contacted for a license change to the LGPL.
+ */
+
 /*
 * This file is modified from the original to suppress ISO C and c99 warnings 
 * issued by both gcc and clang, such as those for _Generic selection and %n$ 
--- a/src/filter.c
+++ b/src/filter.c
@ -2243,12 +2243,11 @@ filter_port_exact_match(kbtree_t(port) *btree, char *p)
 static filter_port_t *
 filter_port_substring_match(ACMachine(char) *acm, char *port)
 {
-	if (acm) {
-		filter_port_t *p = NULL;
-		match_acm(acm, port, p)
-		return p;
-	}
-	return NULL;
+	if (!acm)
+		return NULL;
+	filter_port_t *p = NULL;
+	match_acm(acm, port, p)
+	return p;
 }

 filter_port_t *
@ -2375,12 +2374,11 @@ filter_site_exact_match(kbtree_t(site) *btree, char *s)
 filter_site_t *
 filter_site_substring_match(ACMachine(char) *acm, char *site)
 {
-	if (acm) {
-		filter_site_t *s = NULL;
-		match_acm(acm, site, s)
-		return s;
-	}
-	return NULL;
+	if (!acm)
+		return NULL;
+	filter_site_t *s = NULL;
+	match_acm(acm, site, s)
+	return s;
 }

 filter_site_t *
@ -2540,21 +2538,11 @@ filter_ip_exact_match(kbtree_t(ip) *btree, char *i)
 filter_ip_t *
 filter_ip_substring_match(ACMachine(char) *acm, char *ip)
 {
-	if (acm) {
-		filter_ip_t *i = NULL;
-		match_acm(acm, ip, i)
-		return i;
-	}
-	return NULL;
-}
-
-filter_ip_t *
-filter_ip_find(filter_t *filter, char *i)
-{
-	filter_ip_t *ip = filter_ip_exact_match(filter->ip_btree, i);
-	if (ip)
-		return ip;
-	return filter_ip_substring_match(filter->ip_acm, i);
+	if (!acm)
+		return NULL;
+	filter_ip_t *i = NULL;
+	match_acm(acm, ip, i)
+	return i;
 }

 static filter_ip_t *
@ -2645,21 +2633,11 @@ filter_desc_exact_match(kbtree_t(desc) *btree, char *k)
 filter_desc_t *
 filter_desc_substring_match(ACMachine(char) *acm, char *desc)
 {
-	if (acm) {
-		filter_desc_t *k = NULL;
-		match_acm(acm, desc, k)
-		return k;
-	}
-	return NULL;
-}
-
-filter_desc_t *
-filter_desc_find(filter_t *filter, filter_user_t *user, char *k)
-{
-	filter_desc_t *desc = filter_desc_exact_match(user ? user->desc_btree : filter->desc_btree, k);
-	if (desc)
-		return desc;
-	return filter_desc_substring_match(user ? user->desc_acm : filter->desc_acm, k);
+	if (!acm)
+		return NULL;
+	filter_desc_t *k = NULL;
+	match_acm(acm, desc, k)
+	return k;
 }

 static filter_desc_t *
@ -2751,21 +2729,11 @@ filter_user_exact_match(kbtree_t(user) *btree, char *u)
 filter_user_t *
 filter_user_substring_match(ACMachine(char) *acm, char *user)
 {
-	if (acm) {
-		filter_user_t *u = NULL;
-		match_acm(acm, user, u)
-		return u;
-	}
-	return NULL;
-}
-
-filter_user_t *
-filter_user_find(filter_t *filter, char *u)
-{
-	filter_user_t *user = filter_user_exact_match(filter->user_btree, u);
-	if (user)
-		return user;
-	return filter_user_substring_match(filter->user_acm, u);
+	if (!acm)
+		return NULL;
+	filter_user_t *u = NULL;
+	match_acm(acm, user, u)
+	return u;
 }

 static filter_user_t *
--- a/src/filter.h
+++ b/src/filter.h
@ -122,10 +122,10 @@ typedef struct filter_rule {

 	// Conn field to apply filter to
 	unsigned int dstip : 1;       /* 1 to apply to dst ip */
-	unsigned int host : 1;        /* 1 to apply to http host */
-	unsigned int uri : 1;         /* 1 to apply to http uri */
 	unsigned int sni : 1;         /* 1 to apply to sni */
 	unsigned int cn : 1;          /* 1 to apply to common names */
+	unsigned int host : 1;        /* 1 to apply to http host */
+	unsigned int uri : 1;         /* 1 to apply to http uri */

 	struct filter_action action;

--- a/src/kbtree.h
+++ b/src/kbtree.h
@ -38,6 +38,7 @@
 * pairs, which may be of a complex data type. And the key may be a field in 
 * that complex data type.
 */
+
 #ifndef __AC_KBTREE_H
 #define __AC_KBTREE_H

--- a/src/protossl.c
+++ b/src/protossl.c
@ -1673,7 +1673,8 @@ protossl_bev_eventcb_connected_srvdst(UNUSED struct bufferevent *bev, pxy_conn_c
 		return;
 	}

-	// Set src ssl up early to apply protossl filter 
+	// Set src ssl up early to apply SSL filter,
+	// this is the last moment we can take divert or split action
 	if (protossl_setup_src_ssl(ctx) != 0) {
 		return;
 	}
--- a/src/sslproxy.1
+++ b/src/sslproxy.1
@ -367,7 +367,7 @@ The second rule passes through HTTPS connections from the user soner who has
 logged in with the description android to SSL sites with the Common Names 
 containing the substring .fbcdn.net anywhere in it (notice the asterisk at the 
 end). Since connection contents cannot be written to log files in passthrough 
-mode, the rule does not specify any log action.
+mode, the rule does not specify any content log action.
 .LP
 The default filter action is Divert. So, if those are the only filtering rules 
 in that proxyspec, the other connections are diverted to the listening program