Proxy Server源码及分析(TCP Proxy源码 Socket实现端口映射)
版权声明:本文为博主原创文章,遵循 CC 4.0 by-sa 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u014530704/article/details/78804163
本文主要讲代理服务器源码,是一位叫Carl Harris大神写的,非常简单易懂,把代理服务器(Proxy Server)本质完全体现出来。相信读懂了这段代码,以后想搞定http代理等其他类型的代理服务器也能行。在附录中会贴出proxy全部源码,仅供学习使用。
一、代理服务器的定义
代理服务器(Proxy Server)是一种重要的服务器安全功能,它的工作主要在开放系统互联(OSI)模型的会话层,从而起到防火墙的作用。代理(英语:Proxy),也称网络代理,是一种特殊的网络服务,允许一个网络终端(一般为客户端)通过这个服务与另一个网络终端(一般为服务器)进行非直接的连接。一些网关、路由器等网络设备具备网络代理功能。一般认为代理服务有利于保障网络终端的隐私或安全,防止攻击。
以上截取了网上Proxy Server的定义。看起来晦涩难懂。简单来说,代理服务器就是起到一个转发功能。比如,你在本机A想要访问国外的服务器C,你本机没权限访问C,需要通过向服务器B发送数据,B再把你的数据发送给C,C返回数据也是先把数据交给了B,然后B再转交给你。这里B服务器别名为代理服务器(Proxy Server)。等会分析到proxy源码,就更加清楚了。
二、proxy源码分析
以下是proxy的主程序。
int main(int argc, char **argv)
{
int clilen;
int childpid;
int sockfd, newsockfd;
struct sockaddr_in servaddr, cliaddr;
parse_args(argc, argv);//prepare an address struct to listen for connect
bzero((char*)&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
servaddr.sin_port = proxy_port;
//get asocket ..
if((sockfd = socket(AF_INET, SOCK_STREAM, )) < )
{
fputs("failed to crate server socket\r\n", stderr);
exit();
}
// and bind our address and port to it
if(bind(sockfd, (struct sockaddr_in*)&servaddr, sizeof(servaddr)) < )
{
fputs("failed to bind server socket to specified/r/n", stderr);
exit();
}
// get ready to accept with at most 5 clients waitting to connect
listen(sockfd, );
// turn ourselves into daemon
daemonize(sockfd);
//fall into a loop to accept new connections and spawn children
while()
{
//accept the next connection
clilen = sizeof(cliaddr);
newsockfd = accept(sockfd, (struct sockaddr*)&cliaddr, &clilen);
if(newsockfd < && errno == EINTR)
continue;
//a signal might interrupt our accept call
else if(newsockfd < )
errorout("failed to accept connection");//sth quiet amiss--kill server
//fork a child to handle this connection
if((childpid = fork()) == )
{
close(sockfd);// inherit
do_proxy(newsockfd);
exit();
}
// if fork falied the connection is silently dropped --oops
close(newsockfd);
}
return ;
}
从上面的程序看出,先是用函数parse_args(argc, argv) 解析获得用户输入的信息,包括想要绑定的代理服务器端口号、远程主机的host name 和 远程主机的服务号。获取之后设置到全局变量。接着用socket函数创建tcp 套接字,用bind函数绑定刚才获取到的端口号,用listen监听有没有客户端连接到代理服务器。然后,程序调用daemonize(sockfd)函数,这个函数的作用是创建一个守护进程。程序往下是在while循环里面调用accept函数阻塞,如果发现有客户端连接,就返回一个套接字,并fork出子进程处理这个套接字发过来的请求。do_proxy函数就是专门来干这事的。
do_proxy函数代码如下:
void do_proxy (int usersockfd)
{
int isosockfd;
fd_set rdfdset;
int connstat;
int iolen;
char buf[];
/* open a socket to connect to the isolated host */
if ((isosockfd = socket(AF_INET,SOCK_STREAM,)) < )
errorout("failed to create socket to host");
/* attempt a connection */
connstat = connect(isosockfd,(struct sockaddr *) &hostaddr, sizeof(hostaddr));
switch (connstat)
{
case :
break;
case ETIMEDOUT:
case ECONNREFUSED:
case ENETUNREACH:
strcpy(buf,sys_myerrlist[errno]);
strcat(buf,"\r\n");
write(usersockfd, buf, strlen(buf));
close(usersockfd);
exit();
/* die peacefully if we can't establish a connection */
break;
default:
errorout("failed to connect to host");
}
/* now we're connected, serve fall into the data echo loop */
while ()
{
/* Select for readability on either of our two sockets */
FD_ZERO(&rdfdset);
FD_SET(usersockfd,&rdfdset);
FD_SET(isosockfd,&rdfdset);
if (select(FD_SETSIZE,&rdfdset,NULL,NULL,NULL) < )
errorout("select failed");
/* is the client sending data? */
if (FD_ISSET(usersockfd,&rdfdset))
{
if ((iolen = read(usersockfd,buf,sizeof(buf))) <= )
break; /* zero length means the client disconnected */
write(isosockfd,buf,iolen);
/* copy to host -- blocking semantics */
}
/* is the host sending data? */
if(FD_ISSET(isosockfd,&rdfdset))
{
if((iolen = read(isosockfd,buf,sizeof(buf))) <= )
break; /* zero length means the host disconnected */
write(usersockfd,buf,iolen);
/* copy to client -- blocking semantics */
}
}
/* we're done with the sockets */
close(isosockfd);
close(usersockfd);
}
do_proxy函数是整个程序的核心,代理服务器的工作原理就是从这里体现出来的。函数有一个参数,是客户端连接好的套接字,也就是accept函数的返回值,可用于和客户端发送或者接收消息。在这个函数中,会再用socket函数创建一个新的套接字,这个套接字是用于和远程服务器连接的。在之前parse_args函数中,我们获取过远程服务器的主机名和服务端口号。接着调用connect函数向远程服务器发起连接请求。从这可以看出,代理服务器既是服务器,同时也是远程服务器的客户端。当两边都建立连接好以后,调用select函数,把两边的套接字描述符都加入监视。select函数可参考TCP socket select用法分析。如果发现是客户端A有发送信息请求访问远程服务器C时,本代理服务器就读取A的套接字描述符,把信息存放到buf中,然后再把buf中的数据写到C。反过来,当C有数据响应要发给A时,同样也是先发送给B,然后B再发送给A。
关于代码,这里再讲一下守护进程,函数如下所示:
void daemonize(int servfd)
{
int childpid, fd, fdtablesize;
// ignore terminal I/O,stop signals
signal(SIGTTOU, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTSTP, SIG_IGN);
/* fork to put us in the background (whether or not the user
specified '&' on the command line */
if((childpid=fork()) < )
{
fputs("failed to fork first child/r/n",stderr);
exit();
}
else if(childpid >)
exit();// terminate parent, continue child
//dissociate from process group
if (setpgrp(,getpid()) < )
{
fputs("failed to become process group leader/r/n",stderr);
exit();
}
/* lose controlling terminal */
if ((fd = open("/dev/tty", O_RDWR)) >= )
{
ioctl(fd,TIOCNOTTY,NULL);
close(fd);
}
/* close any open file descriptors */
for(fd = , fdtablesize = getdtablesize(); fd < fdtablesize; fd++)
if (fd != servfd)
close(fd);
/* set working directory to allow filesystems to be unmounted */
chdir("/");
/* clear the inherited umask */
umask();
/* setup zombie prevention */
signal(SIGCLD,(sigfunc *)reap_status);
}
从上面可以看出,程序调用signal忽略一些信号,然后父进程fork出子进程,父进程退出,子进程调用setpgrp(0,getpid()),与进程组分离。接着使子进程与终端脱离,关闭不相关的文件描述符,调用umask将文件模式创建屏蔽字设置为0,最后处理信号SIGCLD。所有这些过程都是为了创建一个守护进程。让程序能够在后台运行,并且不受终端控制。
三、proxy完整源码
/****************************************************************************
program: proxyd
module: proxyd.c
summary: provides proxy tcp service for a host on an isolated network.
programmer: Carl Harris (ceharris@vt.edu)
date: 22 Feb 94
description:
This code implements a daemon process which listens for tcp connec-
tions on a specified port number. When a connection is established,
a child is forked to handle the new client. The child then estab-
lishes a tcp connection to a port on the isolated host. The child
then falls into a loop in which it writes data to the isolated host
for the client and vice-versa. Once a child has been forked, the
parent resumes listening for additional connections.
The name of the isolated host and the port to serve as proxy for,
as well as the port number the server listen on are specified as
command line arguments.
****************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
//#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <netdb.h> #define TCP_PROTO "tcp" int proxy_port; //port to listen for proxy connections on
struct sockaddr_in hostaddr; //host addr assembled form gethostbyname()
extern int errno; //define by libc.a
char *sys_myerrlist[]; void parse_args(int argc, char **argv);
void daemonize(int servfd);
void do_proxy(int usersockfd);
void reap_status(void);
void errout(char *msg); typedef void sigfunc(int );//sigfunc可以声明一个函数类型
/*description: Main level driver. After daemonizing the process,
* a socket is opened to listen for connections on the proxy port,
* connections are accepted and children are spawned to handle each
* new connection.
*/ int main(int argc, char **argv)
{
int clilen;
int childpid;
int sockfd, newsockfd;
struct sockaddr_in servaddr, cliaddr;
parse_args(argc, argv);//prepare an address struct to listen for connect
bzero((char*)&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
servaddr.sin_port = proxy_port;
//get asocket ..
if((sockfd = socket(AF_INET, SOCK_STREAM, )) < )
{
fputs("failed to crate server socket\r\n", stderr);
exit();
}
// and bind our address and port to it
if(bind(sockfd, (struct sockaddr_in*)&servaddr, sizeof(servaddr)) < )
{
fputs("failed to bind server socket to specified/r/n", stderr);
exit();
}
// get ready to accept with at most 5 clients waitting to connect
listen(sockfd, );
// turn ourselves into daemon
daemonize(sockfd);
//fall into a loop to accept new connections and spawn children
while()
{
//accept the next connection
clilen = sizeof(cliaddr);
newsockfd = accept(sockfd, (struct sockaddr*)&cliaddr, &clilen);
if(newsockfd < && errno == EINTR)
continue;
//a signal might interrupt our accept call
else if(newsockfd < )
errorout("failed to accept connection");//sth quiet amiss--kill server
//fork a child to handle this connection
if((childpid = fork()) == )
{
close(sockfd);// inherit
do_proxy(newsockfd);
exit();
}
// if fork falied the connection is silently dropped --oops
close(newsockfd);
}
return ;
} //parse the command line args
void parse_args(int argc, char **argv)
{
int i;
struct hostent *hostp;//host entry
struct servent *servp;
unsigned long inaddr;
struct {
char proxy_port[];
char isolate_host[];
char service_name[];
}pargs;
if(argc < )
{
printf("usage:%s<proxy-port> <host> <service-name|port-number> \r\n", argv[]);
exit();
}
strcpy(pargs.proxy_port, argv[]);
strcpy(pargs.isolate_host, argv[]);
strcpy(pargs.service_name, argv[]);
for(i=; i<strlen(pargs.proxy_port); i++)
if(!isdigit(*(pargs.proxy_port+i)))
break;
if(i == strlen(pargs.proxy_port))
proxy_port = htons(atoi(pargs.proxy_port));//port short
else
{
printf("invalid proxy port\r\n", pargs.proxy_port);
exit();
}
bzero(&hostaddr, sizeof(hostaddr));
hostaddr.sin_family = AF_INET;
if((inaddr= inet_addr(pargs.isolate_host))!= INADDR_NONE)
bcopy(&inaddr, &hostaddr.sin_addr, sizeof(inaddr));
else if((hostp == gethostbyname(pargs.isolate_host)) != NULL)
bcopy(hostp->h_addr,&hostaddr.sin_addr,hostp->h_length);
else
{
printf("%s unknow host \r\n", pargs.isolate_host);
exit();
}
if((servp = getservbyname(pargs.service_name, TCP_PROTO)) != NULL)
hostaddr.sin_port = servp->s_port;
else if(atoi(pargs.service_name) >)
hostaddr.sin_port = htons(atoi(pargs.service_name));
else
{
printf("%s invalid unknow service or port no.\r\n", pargs.service_name);
exit();
}
} /*detach the server process from the current context, creating a pristine,
* predictable environment in which it will */ void daemonize(int servfd)
{
int childpid, fd, fdtablesize;
// ignore terminal I/O,stop signals
signal(SIGTTOU, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTSTP, SIG_IGN);
/* fork to put us in the background (whether or not the user
specified '&' on the command line */
if((childpid=fork()) < )
{
fputs("failed to fork first child/r/n",stderr);
exit();
}
else if(childpid >)
exit();// terminate parent, continue child
//dissociate from process group
if (setpgrp(,getpid()) < )
{
fputs("failed to become process group leader/r/n",stderr);
exit();
}
/* lose controlling terminal */
if ((fd = open("/dev/tty", O_RDWR)) >= )
{
ioctl(fd,TIOCNOTTY,NULL);
close(fd);
}
/* close any open file descriptors */
for(fd = , fdtablesize = getdtablesize(); fd < fdtablesize; fd++)
if (fd != servfd)
close(fd);
/* set working directory to allow filesystems to be unmounted */
chdir("/");
/* clear the inherited umask */
umask();
/* setup zombie prevention */
signal(SIGCLD,(sigfunc *)reap_status);
} //handle a SIGCLD signal by reaping the exit status of the perished child,
//and discarding it.
void reap_status()
{
int pid;
union wait status;
while ((pid = wait3(&status,WNOHANG,NULL)) > )
; /* loop while there are more dead children */
} //does the actual work of virtually connecting a client to the telnet
//service on the isolated host. void do_proxy (int usersockfd)
{
int isosockfd;
fd_set rdfdset;
int connstat;
int iolen;
char buf[];
/* open a socket to connect to the isolated host */
if ((isosockfd = socket(AF_INET,SOCK_STREAM,)) < )
errorout("failed to create socket to host");
/* attempt a connection */
connstat = connect(isosockfd,(struct sockaddr *) &hostaddr, sizeof(hostaddr));
switch (connstat)
{
case :
break;
case ETIMEDOUT:
case ECONNREFUSED:
case ENETUNREACH:
strcpy(buf,sys_myerrlist[errno]);
strcat(buf,"\r\n");
write(usersockfd, buf, strlen(buf));
close(usersockfd);
exit();
/* die peacefully if we can't establish a connection */
break;
default:
errorout("failed to connect to host");
}
/* now we're connected, serve fall into the data echo loop */
while ()
{
/* Select for readability on either of our two sockets */
FD_ZERO(&rdfdset);
FD_SET(usersockfd,&rdfdset);
FD_SET(isosockfd,&rdfdset);
if (select(FD_SETSIZE,&rdfdset,NULL,NULL,NULL) < )
errorout("select failed");
/* is the client sending data? */
if (FD_ISSET(usersockfd,&rdfdset))
{
if ((iolen = read(usersockfd,buf,sizeof(buf))) <= )
break; /* zero length means the client disconnected */
write(isosockfd,buf,iolen);
/* copy to host -- blocking semantics */
}
/* is the host sending data? */
if(FD_ISSET(isosockfd,&rdfdset))
{
if((iolen = read(isosockfd,buf,sizeof(buf))) <= )
break; /* zero length means the host disconnected */
write(usersockfd,buf,iolen);
/* copy to client -- blocking semantics */
}
}
/* we're done with the sockets */
close(isosockfd);
close(usersockfd);
} //displays an error message on the console and kills the current process.
void errorout (char *msg)
{
FILE *console;
console = fopen("/dev/console","a");
fprintf(console,"proxyd: %s\r\n",msg);
fclose(console);
exit();
}
Proxy Server源码及分析(TCP Proxy源码 Socket实现端口映射)的更多相关文章
- WebBench压力测试工具(详细源码注释+分析)
本文适合人群:对WebBench实现感兴趣的人 WebBench原理: Linux下使用的服务器压力测试工具,利用fork建立多个子进程,每个子进程在测试时间内不断发送请求报文,建立多个连接,然后由父 ...
- 转:Jmeter 用户思考时间(User think time),定时器,和代理服务器(proxy server)
在负载测试中需要考虑的的一个重要要素是思考时间(think time), 也就是在两次成功的访问请求之间的暂停时间. 有多种情形挥发导致延迟的发生: 用户需要时间阅读文字内容,或者填表,或者查找正确的 ...
- DRF源码系列分析
DRF源码系列分析 DRF源码系列分析--版本 DRF源码系列分析--认证 DRF源码系列分析--权限 DRF源码系列分析--节流
- 5.深入Istio源码:Pilot-agent作用及其源码分析
转载请声明出处哦~,本篇文章发布于luozhiyun的博客:https://www.luozhiyun.com 本文使用的Istio源码是 release 1.5. 介绍 Sidecar在注入的时候会 ...
- urllib源码简单分析
对下面这段代码做分析 import urllib params = urllib.urlencode({'wd': 'python'}) f = urllib.urlopen("http:/ ...
- 【Orleans开胃菜系列2】连接Connect源码简易分析
[Orleans开胃菜系列2]连接Connect源码简易分析 /** * prism.js Github theme based on GitHub's theme. * @author Sam Cl ...
- Activity源码简要分析总结
Activity源码简要分析总结 摘自参考书籍,只列一下结论: 1. Activity的顶层View是DecorView,而我们在onCreate()方法中通过setContentView()设置的V ...
- spring事务源码分析结合mybatis源码(三)
下面将结合mybatis源码来分析下,这种持久化框架是如何对connection使用,来达到spring事务的控制. 想要在把mybatis跟spring整合都需要这样一个jar包:mybatis-s ...
- Proxy Server代理服务器(轉載)
宽带IP城域网开通以来,单位连上了宽带网,10M的带宽让我们感受到了宽带的魅力.电信只提供7个IP地址,对任何一个单位来说都太少了,常用的解决办法是使用代理服务器.微软的MS Proxy Server ...
随机推荐
- linux技能点 二
三. 文件操作:新增,删除,修改,查找,文件属性,文件内容查看,文件辅助命令,打包(解压缩),文件名注意事项. 新增:单文件,目录 ...
- weblogic如何修改密码&密码找回
一.修改Console密码后,挂载的服务无法重启[解决办法] 1. 打开weblogic控制台,安全领域 --> myrealm --> 用户和组,将会看到weblogic用户,可以直接删 ...
- 在地址栏里输入一个 URL后,按下 Enter 到这个页面呈现出来,中间会发生什么?
这是一个面试高频的问题 在输入 URL 后,首先需要找到这个 URL 域名的服务器 IP,为了寻找这个 IP,浏览器首先会寻找缓存,查看缓存中是否有记录,缓存的查找记录为:浏览器缓存 ->系统缓 ...
- 自定义View(二),强大的Canvas
本文转自:http://www.jcodecraeer.com/a/anzhuokaifa/androidkaifa/2012/1212/703.html Android中使用图形处理引擎,2D部分是 ...
- golang读写文件
1. 标准输入输出 os提供了标准输入输出文件: Stdin = NewFile(uintptr(syscall.Stdin), "/dev/stdin") Stdout = Ne ...
- 最大m子段和
最大m子段和 定义一串子段s1,s2,s3 ... sn-1,sn 求m段不交叉最大子段和 解:设dp[i][j]代表前j个数分成i段的最大和(包括a[j]) 状态转移方程: dp[i][j]=Max ...
- unix域套接字
对于本地通信,unix域套接字通信是internet通信速度的2倍
- 项目Alpha冲刺--6/10
项目Alpha冲刺--6/10 作业要求 这个作业属于哪个课程 软件工程1916-W(福州大学) 这个作业要求在哪里 项目Alpha冲刺 团队名称 基于云的胜利冲锋队 项目名称 云评:高校学生成绩综合 ...
- 项目Alpha冲刺 8
作业描述 课程: 软件工程1916|W(福州大学) 作业要求: 项目Alpha冲刺(团队) 团队名称: 火鸡堂 作业目标: 介绍第8天冲刺的项目进展.问题困难和心得体会 1.团队信息 队名:火鸡堂 队 ...
- L1141
一,看题 1,位于0格可移动到相邻得1格.位于1格可移动到相邻的0格上. 2,从某一格开始可以移动的格子数.(应该不能重复,否则不久循环了.那就意味着我们可以要标记喽?) 3 二,写题 1,你是一次一 ...