From 776dbf88df1911ec379c2fece0089fd2f5c71021 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Nov 2015 08:48:35 +0100 Subject: [PATCH] Add ability to use proxies to connect to hostnames when there is no nameserver. This adds support for SOCKS4a, and enhances the support for SOCKS5 and HTTP. --- src/Makefile.am | 1 + src/meta.c | 88 +++++--------- src/net.h | 14 --- src/net_setup.c | 7 +- src/net_socket.c | 33 ++++- src/netutl.c | 4 +- src/protocol.c | 14 --- src/protocol.h | 1 + src/protocol_auth.c | 87 +------------- src/proxy.c | 287 ++++++++++++++++++++++++++++++++++++++++++++ src/proxy.h | 43 +++++++ 11 files changed, 395 insertions(+), 184 deletions(-) create mode 100644 src/proxy.c create mode 100644 src/proxy.h diff --git a/src/Makefile.am b/src/Makefile.am index 937800d3..ebd52abc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -40,6 +40,7 @@ tincd_SOURCES = \ protocol_misc.c \ protocol_key.c \ protocol_subnet.c \ + proxy.c proxy.h \ raw_socket_device.c \ route.c route.h \ subnet.c subnet.h \ diff --git a/src/meta.c b/src/meta.c index e62c3b7d..daa55e40 100644 --- a/src/meta.c +++ b/src/meta.c @@ -30,6 +30,7 @@ #include "meta.h" #include "net.h" #include "protocol.h" +#include "proxy.h" #include "utils.h" #include "xalloc.h" @@ -160,6 +161,17 @@ bool receive_meta(connection_t *c) { c->buflen += lenin; while(lenin > 0) { + reqlen = 0; + + /* Is it proxy metadata? */ + + if(c->allow_request == PROXY) { + reqlen = receive_proxy_meta(c, oldlen, lenin); + if(reqlen < 0) + return false; + goto consume; + } + /* Decrypt */ if(c->status.decryptin && !decrypted) { @@ -177,74 +189,32 @@ bool receive_meta(connection_t *c) { if(c->tcplen) { if(c->tcplen <= c->buflen) { - if(!c->node) { - if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) { - if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) { - ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted"); - } else { - logger(LOG_ERR, "Proxy request rejected"); - return false; - } - } else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) { - if(c->buffer[0] != 5) { - logger(LOG_ERR, "Invalid response from proxy server"); - return false; - } - if(c->buffer[1] == (char)0xff) { - logger(LOG_ERR, "Proxy request rejected: unsuitable authentication method"); - return false; - } - if(c->buffer[2] != 5) { - logger(LOG_ERR, "Invalid response from proxy server"); - return false; - } - if(c->buffer[3] == 0) { - ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted"); - } else { - logger(LOG_ERR, "Proxy request rejected"); - return false; - } - } else { - logger(LOG_ERR, "c->tcplen set but c->node is NULL!"); - abort(); - } - } else { - if(c->allow_request == ALL) { - receive_tcppacket(c, c->buffer, c->tcplen); - } else { - logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname); - return false; - } + if(c->allow_request != ALL) { + logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname); + return false; } - c->buflen -= c->tcplen; - lenin -= c->tcplen - oldlen; - memmove(c->buffer, c->buffer + c->tcplen, c->buflen); - oldlen = 0; + receive_tcppacket(c, c->buffer, c->tcplen); + reqlen = c->tcplen; c->tcplen = 0; - continue; - } else { - break; } - } - - /* Otherwise we are waiting for a request */ - - reqlen = 0; + } else { + /* Otherwise we are waiting for a request */ - for(i = oldlen; i < c->buflen; i++) { - if(c->buffer[i] == '\n') { - c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ - reqlen = i + 1; - break; + for(i = oldlen; i < c->buflen; i++) { + if(c->buffer[i] == '\n') { + c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ + c->reqlen = reqlen = i + 1; + break; + } } - } - if(reqlen) { - c->reqlen = reqlen; - if(!receive_request(c)) + if(reqlen && !receive_request(c)) return false; + } +consume: + if(reqlen) { c->buflen -= reqlen; lenin -= reqlen - oldlen; memmove(c->buffer, c->buffer + reqlen, c->buflen); diff --git a/src/net.h b/src/net.h index 0982020f..8de3a2c4 100644 --- a/src/net.h +++ b/src/net.h @@ -123,20 +123,6 @@ extern time_t now; extern int contradicting_add_edge; extern int contradicting_del_edge; -extern char *proxyhost; -extern char *proxyport; -extern char *proxyuser; -extern char *proxypass; -typedef enum proxytype_t { - PROXY_NONE = 0, - PROXY_SOCKS4, - PROXY_SOCKS4A, - PROXY_SOCKS5, - PROXY_HTTP, - PROXY_EXEC, -} proxytype_t; -extern proxytype_t proxytype; - extern volatile bool running; /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ diff --git a/src/net_setup.c b/src/net_setup.c index 863616b7..50d5680a 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -39,6 +39,7 @@ #include "netutl.h" #include "process.h" #include "protocol.h" +#include "proxy.h" #include "route.h" #include "subnet.h" #include "utils.h" @@ -47,12 +48,6 @@ char *myport; devops_t devops; -char *proxyhost; -char *proxyport; -char *proxyuser; -char *proxypass; -proxytype_t proxytype; - bool read_rsa_public_key(connection_t *c) { FILE *fp; char *pubname; diff --git a/src/net_socket.c b/src/net_socket.c index c167c2f3..e63da754 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -31,6 +31,7 @@ #include "net.h" #include "netutl.h" #include "protocol.h" +#include "proxy.h" #include "utils.h" #include "xalloc.h" @@ -354,8 +355,19 @@ static void do_outgoing_pipe(connection_t *c, char *command) { #endif } +static bool is_valid_host_port(const char *host, const char *port) { + for(const char *p = host; *p; p++) + if(!isalnum(*p) && *p != '-' && *p != '.') + return false; + + for(const char *p = port; *p; p++) + if(!isalnum(*p)) + return false; + + return true; +} + void do_outgoing_connection(connection_t *c) { - char *address, *port, *space; struct addrinfo *proxyai = NULL; int result; @@ -375,6 +387,8 @@ begin: return; } + char *address, *port, *space; + get_config_string(c->outgoing->cfg, &address); space = strchr(address, ' '); @@ -387,11 +401,23 @@ begin: } c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); - free(address); - free(port); + + // If we cannot resolve the address, maybe we are using a proxy that can? + if(!c->outgoing->ai && proxytype != PROXY_NONE && is_valid_host_port(address, port)) { + memset(&c->address, 0, sizeof c->address); + c->address.sa.sa_family = AF_UNKNOWN; + c->address.unknown.address = address; + c->address.unknown.port = port; + } else { + free(address); + free(port); + } c->outgoing->aip = c->outgoing->ai; c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); + + if(!c->outgoing->ai && proxytype != PROXY_NONE) + goto connect; } if(!c->outgoing->aip) { @@ -404,6 +430,7 @@ begin: memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen); c->outgoing->aip = c->outgoing->aip->ai_next; +connect: if(c->hostname) free(c->hostname); diff --git a/src/netutl.c b/src/netutl.c index 275c64f7..2abbe86d 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -33,7 +33,7 @@ bool hostnames = false; Return NULL on failure. */ struct addrinfo *str2addrinfo(const char *address, const char *service, int socktype) { - struct addrinfo *ai, hint = {0}; + struct addrinfo *ai = NULL, hint = {0}; int err; hint.ai_family = addressfamily; @@ -55,7 +55,7 @@ struct addrinfo *str2addrinfo(const char *address, const char *service, int sock } sockaddr_t str2sockaddr(const char *address, const char *port) { - struct addrinfo *ai, hint = {0}; + struct addrinfo *ai = NULL, hint = {0}; sockaddr_t result; int err; diff --git a/src/protocol.c b/src/protocol.c index b385fbc3..5d5518fd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -125,20 +125,6 @@ void forward_request(connection_t *from) { bool receive_request(connection_t *c) { int request; - if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) { - if(!c->buffer[0] || c->buffer[0] == '\r') - return true; - if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) { - if(!strncmp(c->buffer + 9, "200", 3)) { - logger(LOG_DEBUG, "Proxy request granted"); - return true; - } else { - logger(LOG_DEBUG, "Proxy request rejected: %s", c->buffer + 9); - return false; - } - } - } - if(sscanf(c->buffer, "%d", &request) == 1) { if((request < 0) || (request >= LAST) || !request_handlers[request]) { ifdebug(META) diff --git a/src/protocol.h b/src/protocol.h index 6c46c726..54d03796 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -36,6 +36,7 @@ /* Request numbers */ typedef enum request_t { + PROXY = -2, ALL = -1, /* Guardian for allow_request */ ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, STATUS, ERROR, TERMREQ, diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 971341f7..e54fe231 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -36,95 +36,10 @@ #include "netutl.h" #include "node.h" #include "protocol.h" +#include "proxy.h" #include "utils.h" #include "xalloc.h" -static bool send_proxyrequest(connection_t *c) { - switch(proxytype) { - case PROXY_HTTP: { - char *host; - char *port; - - sockaddr2str(&c->address, &host, &port); - send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port); - free(host); - free(port); - return true; - } - case PROXY_SOCKS4: { - if(c->address.sa.sa_family != AF_INET) { - logger(LOG_ERR, "Cannot connect to an IPv6 host through a SOCKS 4 proxy!"); - return false; - } - char s4req[9 + (proxyuser ? strlen(proxyuser) : 0)]; - s4req[0] = 4; - s4req[1] = 1; - memcpy(s4req + 2, &c->address.in.sin_port, 2); - memcpy(s4req + 4, &c->address.in.sin_addr, 4); - if(proxyuser) - strcpy(s4req + 8, proxyuser); - s4req[sizeof s4req - 1] = 0; - c->tcplen = 8; - return send_meta(c, s4req, sizeof s4req); - } - case PROXY_SOCKS5: { - int len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16); - c->tcplen = 2; - if(proxypass) - len += 3 + strlen(proxyuser) + strlen(proxypass); - char s5req[len]; - int i = 0; - s5req[i++] = 5; - s5req[i++] = 1; - if(proxypass) { - s5req[i++] = 2; - s5req[i++] = 1; - s5req[i++] = strlen(proxyuser); - strcpy(s5req + i, proxyuser); - i += strlen(proxyuser); - s5req[i++] = strlen(proxypass); - strcpy(s5req + i, proxypass); - i += strlen(proxypass); - c->tcplen += 2; - } else { - s5req[i++] = 0; - } - s5req[i++] = 5; - s5req[i++] = 1; - s5req[i++] = 0; - if(c->address.sa.sa_family == AF_INET) { - s5req[i++] = 1; - memcpy(s5req + i, &c->address.in.sin_addr, 4); - i += 4; - memcpy(s5req + i, &c->address.in.sin_port, 2); - i += 2; - c->tcplen += 10; - } else if(c->address.sa.sa_family == AF_INET6) { - s5req[i++] = 3; - memcpy(s5req + i, &c->address.in6.sin6_addr, 16); - i += 16; - memcpy(s5req + i, &c->address.in6.sin6_port, 2); - i += 2; - c->tcplen += 22; - } else { - logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family); - return false; - } - if(i > len) - abort(); - return send_meta(c, s5req, sizeof s5req); - } - case PROXY_SOCKS4A: - logger(LOG_ERR, "Proxy type not implemented yet"); - return false; - case PROXY_EXEC: - return true; - default: - logger(LOG_ERR, "Unknown proxy type"); - return false; - } -} - bool send_id(connection_t *c) { if(proxytype && c->outgoing) if(!send_proxyrequest(c)) diff --git a/src/proxy.c b/src/proxy.c new file mode 100644 index 00000000..165d3f34 --- /dev/null +++ b/src/proxy.c @@ -0,0 +1,287 @@ +/* + proxy.c -- Proxy handling functions. + Copyright (C) 2015 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +#include "system.h" + +#include "connection.h" +#include "logger.h" +#include "meta.h" +#include "netutl.h" +#include "protocol.h" +#include "proxy.h" +#include "utils.h" // + +proxytype_t proxytype; +char *proxyhost; +char *proxyport; +char *proxyuser; +char *proxypass; + +static void update_address_ipv4(connection_t *c, void *address, void *port) { + sockaddrfree(&c->address); + memset(&c->address, 0, sizeof c->address); + c->address.sa.sa_family = AF_INET; + if(address) + memcpy(&c->address.in.sin_addr, address, sizeof(ipv4_t)); + if(port) + memcpy(&c->address.in.sin_port, port, sizeof(uint16_t)); + // OpenSSH -D returns all zero address, set it to 0.0.0.1 to prevent spamming ourselves. + if(!memcmp(&c->address.in.sin_addr, "\0\0\0\0", 4)) + memcpy(&c->address.in.sin_addr, "\0\0\0\01", 4); +} + +static void update_address_ipv6(connection_t *c, void *address, void *port) { + sockaddrfree(&c->address); + memset(&c->address, 0, sizeof c->address); + c->address.sa.sa_family = AF_INET6; + if(address) + memcpy(&c->address.in6.sin6_addr, address, sizeof(ipv6_t)); + if(port) + memcpy(&c->address.in6.sin6_port, port, sizeof(uint16_t)); + // OpenSSH -D returns all zero address, set it to 0100:: to prevent spamming ourselves. + if(!memcmp(&c->address.in6.sin6_addr, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16)) + memcpy(&c->address.in6.sin6_addr, "\01\0\0\0\0\0\0\0", 8); +} + +bool send_proxyrequest(connection_t *c) { + switch(proxytype) { + case PROXY_SOCKS4: + if(c->address.sa.sa_family != AF_INET) { + logger(LOG_ERR, "Can only connect to numeric IPv4 addresses through a SOCKS 4 proxy!"); + return false; + } + case PROXY_SOCKS4A: { + if(c->address.sa.sa_family != AF_INET && c->address.sa.sa_family != AF_UNKNOWN) { + logger(LOG_ERR, "Can only connect to IPv4 addresses or hostnames through a SOCKS 4a proxy!"); + return false; + } + int len = 9; + if(proxyuser) + len += strlen(proxyuser); + if(c->address.sa.sa_family == AF_UNKNOWN) + len += 1 + strlen(c->address.unknown.address); + char s4req[len]; + s4req[0] = 4; + s4req[1] = 1; + if(c->address.sa.sa_family == AF_INET) { + memcpy(s4req + 2, &c->address.in.sin_port, 2); + memcpy(s4req + 4, &c->address.in.sin_addr, 4); + } else { + uint16_t port = htons(atoi(c->address.unknown.port)); + memcpy(s4req + 2, &port, 2); + memcpy(s4req + 4, "\0\0\0\1", 4); + strcpy(s4req + (9 + (proxyuser ? strlen(proxyuser) : 0)), c->address.unknown.address); + } + if(proxyuser) + strcpy(s4req + 8, proxyuser); + else + s4req[8] = 0; + s4req[sizeof s4req - 1] = 0; + c->allow_request = PROXY; + return send_meta(c, s4req, sizeof s4req); + } + + case PROXY_SOCKS5: { + int len = 3 + 6; + if(c->address.sa.sa_family == AF_INET) { + len += 4; + } else if(c->address.sa.sa_family == AF_INET6) { + len += 16; + } else if(c->address.sa.sa_family == AF_UNKNOWN) { + len += 1 + strlen(c->address.unknown.address); + } else { + logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family); + return false; + } + if(proxypass) + len += 3 + strlen(proxyuser) + strlen(proxypass); + char s5req[len]; + int i = 0; + s5req[i++] = 5; + s5req[i++] = 1; + if(proxypass) { + s5req[i++] = 2; + s5req[i++] = 1; + s5req[i++] = strlen(proxyuser); + strcpy(s5req + i, proxyuser); + i += strlen(proxyuser); + s5req[i++] = strlen(proxypass); + strcpy(s5req + i, proxypass); + i += strlen(proxypass); + } else { + s5req[i++] = 0; + } + s5req[i++] = 5; + s5req[i++] = 1; + s5req[i++] = 0; + if(c->address.sa.sa_family == AF_INET) { + s5req[i++] = 1; + memcpy(s5req + i, &c->address.in.sin_addr, 4); + i += 4; + memcpy(s5req + i, &c->address.in.sin_port, 2); + i += 2; + } else if(c->address.sa.sa_family == AF_INET6) { + s5req[i++] = 4; + memcpy(s5req + i, &c->address.in6.sin6_addr, 16); + i += 16; + memcpy(s5req + i, &c->address.in6.sin6_port, 2); + i += 2; + } else if(c->address.sa.sa_family == AF_UNKNOWN) { + s5req[i++] = 3; + int len = strlen(c->address.unknown.address); + s5req[i++] = len; + memcpy(s5req + i, c->address.unknown.address, len); + i += len; + uint16_t port = htons(atoi(c->address.unknown.port)); + memcpy(s5req + i, &port, 2); + i += 2; + } else { + logger(LOG_ERR, "Unknown address family while trying to connect to SOCKS5 proxy"); + return false; + } + if(i > len) + abort(); + c->allow_request = PROXY; + return send_meta(c, s5req, sizeof s5req); + } + + case PROXY_HTTP: { + char *host; + char *port; + + sockaddr2str(&c->address, &host, &port); + send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port); + free(host); + free(port); + c->allow_request = PROXY; + return true; + } + + case PROXY_EXEC: + return true; + + default: + logger(LOG_ERR, "Unknown proxy type"); + return false; + } +} + +int receive_proxy_meta(connection_t *c, int start, int lenin) { + switch(proxytype) { + case PROXY_SOCKS4: + case PROXY_SOCKS4A: + if(c->buflen < 8) + return 0; + if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) { + if(c->address.sa.sa_family == AF_UNKNOWN) + update_address_ipv4(c, c->buffer + 4, c->buffer + 2); + + ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted"); + c->allow_request = ID; + return 8; + } else { + logger(LOG_ERR, "Proxy request rejected"); + return -1; + } + + case PROXY_SOCKS5: + if(c->buflen < 2) + return 0; + if(c->buffer[0] != 0x05 || c->buffer[1] == 0xff) { + logger(LOG_ERR, "Proxy authentication method rejected"); + return -1; + } + int offset = 2; + if(c->buffer[1] == 0x02) { + if(c->buflen < 4) + return 0; + if(c->buffer[2] != 0x05 || c->buffer[3] != 0x00) { + logger(LOG_ERR, "Proxy username/password rejected"); + return -1; + } + offset += 2; + } + if(c->buflen - offset < 7) + return 0; + if(c->buffer[offset] != 0x05 || c->buffer[offset + 1] != 0x00) { + logger(LOG_ERR, "Proxy request rejected"); + return -1; + } + int replen = offset + 6; + switch(c->buffer[offset + 3]) { + case 0x01: // IPv4 + if(c->address.sa.sa_family == AF_UNKNOWN) + update_address_ipv4(c, c->buffer + offset + 4, c->buffer + offset + 8); + replen += 4; + break; + case 0x03: // Hostname + if(c->address.sa.sa_family == AF_UNKNOWN) + update_address_ipv4(c, "\0\0\0\1", "\0\0"); + replen += ((uint8_t *)c->buffer)[offset + 4]; + break; + case 0x04: // IPv6 + if(c->address.sa.sa_family == AF_UNKNOWN) + update_address_ipv6(c, c->buffer + offset + 4, c->buffer + offset + 20); + replen += 16; + break; + default: + logger(LOG_ERR, "Proxy reply malformed"); + return -1; + } + if(c->buflen < replen) { + return 0; + } else { + ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted"); + c->allow_request = ID; + return replen; + } + + case PROXY_HTTP: { + char *p = memchr(c->buffer, '\n', c->buflen); + if(!p || p - c->buffer >= c->buflen) + return 0; + p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer)); + if(!p) + return 0; + + if(c->buflen < 9) + return 0; + + if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) { + if(!strncmp(c->buffer + 9, "200", 3)) { + if(c->address.sa.sa_family == AF_UNKNOWN) + update_address_ipv4(c, "\0\0\0\1", "\0\0"); + logger(LOG_DEBUG, "Proxy request granted"); + replen = p + 1 - c->buffer; + c->allow_request = ID; + return replen; + } else { + logger(LOG_ERR, "Proxy request rejected: %s", c->buffer + 9); + return false; + } + } else { + logger(LOG_ERR, "Proxy reply malformed"); + return -1; + } + } + + default: + abort(); + } +} diff --git a/src/proxy.h b/src/proxy.h new file mode 100644 index 00000000..a9829439 --- /dev/null +++ b/src/proxy.h @@ -0,0 +1,43 @@ +/* + proxy.h -- header for proxy.c + Copyright (C) 2015 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +#ifndef __TINC_PROXY_H__ +#define __TINC_PROXY_H__ + +#include "connection.h" + +typedef enum proxytype_t { + PROXY_NONE = 0, + PROXY_SOCKS4, + PROXY_SOCKS4A, + PROXY_SOCKS5, + PROXY_HTTP, + PROXY_EXEC, +} proxytype_t; + +extern proxytype_t proxytype; +extern char *proxyhost; +extern char *proxyport; +extern char *proxyuser; +extern char *proxypass; + +extern bool send_proxyrequest(struct connection_t *c); +extern int receive_proxy_meta(struct connection_t *c, int start, int lenin); + +#endif -- 2.20.1