path: root/libmproxy
Commit message (Expand)AuthorAgeFilesLines
* fix #318Maximilian Hils2014-08-081-33/+47
* remove platform.setupMaximilian Hils2014-08-083-7/+5
* properly express state information on server connections, refs #315Maximilian Hils2014-08-085-34/+44
* fix script path escaping on windows, refs #293Maximilian Hils2014-08-081-0/+3
* docs: add docs for script args, fix #293Maximilian Hils2014-08-071-2/+4
* suppress SPDY/HTTP2 announcement headers, fix #277Maximilian Hils2014-08-032-17/+12
* fix #307Maximilian Hils2014-08-032-9/+19
* fix #317Maximilian Hils2014-08-031-2/+2
* Merge branch 'stream'Maximilian Hils2014-07-318-79/+156
|\
| * add status bar indicator for streamingMaximilian Hils2014-07-251-0/+2
| * workaround: always make sure that flow.response.reply existsMaximilian Hils2014-07-255-7/+9
| * fix to make it so streaming with mitmproxy doesn't explode due to no reply on...Brad Peabody2014-07-241-1/+1
| * always initialize HTTPResponse.stream attributeMaximilian Hils2014-07-232-3/+3
| * add --stream options, various fixesMaximilian Hils2014-07-215-62/+98
| * unify stream handlingMaximilian Hils2014-07-211-41/+24
| * simplify responseheader scripthookMaximilian Hils2014-07-202-19/+9
| * Merge branch 'stream' of https://github.com/bradleypeabody/mitmproxy into streamMaximilian Hils2014-07-202-17/+81
| |\
| | * fixed handling of Transfer-Encoding header during streaming; wrote tests for ...Brad Peabody2014-07-191-16/+22
| | * basic attempt to implement streaming response, needs testingBrad Peabody2014-07-172-5/+63
* | | fix #313Maximilian Hils2014-07-271-2/+8
* | | refactor tcp handling, fix #280Maximilian Hils2014-07-271-32/+37
* | | minor fixesMaximilian Hils2014-07-273-4/+4
* | | fix #259Maximilian Hils2014-07-264-10/+14
* | | if no_upstream_cert is set, include SNI value als SubjectAltName, fix #291Maximilian Hils2014-07-181-0/+2
* | | add transparent proxy mode on windows (docs still missing)Maximilian Hils2014-07-1613-3/+1246
|/ /
* / fix parameter namingMaximilian Hils2014-07-141-5/+5
|/
* make include_content=False work by passing this on to netlib's http.read_resp...Brad Peabody2014-07-121-3/+2
* fix command line helpMaximilian Hils2014-07-061-2/+2
* Merge pull request #300 from zbrdge/freebsd-platformMaximilian Hils2014-07-033-1/+14
|\
| * only support FreeBSD 10+Zack B2014-07-012-2/+2
| * add resolver for FreeBSD using pfctlZack B2014-07-013-1/+14
* | Merge pull request #286 from m0sth8/remove_global_should_exitMaximilian Hils2014-07-033-16/+14
|\ \ | |/ |/|
| * Remove global should_exit and fix testsVyacheslav Bakhmutov2014-06-133-16/+14
* | fix ProxyError inheritanceMaximilian Hils2014-06-251-6/+4
* | expose socknameMaximilian Hils2014-06-252-2/+5
* | add support for certificate chains, refs #174Maximilian Hils2014-05-212-3/+6
|/
* fix up error messagesMaximilian Hils2014-05-153-76/+79
* fix #267Maximilian Hils2014-05-151-1/+3
* re-use cert creation from netlib in handle_sni, fix #272Maximilian Hils2014-05-151-13/+22
* - changed license to MIT, as it is more easily integrated into the mitmproxy ...davidpshaw2014-05-066-69/+105
* - working WBXML parserDavid Shaw2014-05-069-0/+1200
* Merge pull request #269 from shvar/masterMaximilian Hils2014-04-291-1/+3
|\
| * fix default certsEli Shvartsman2014-04-291-1/+1
| * init ProxyConfig.certstore with custom certsEli Shvartsman2014-04-291-0/+2
* | Update server.pyEli Shvartsman2014-04-291-1/+1
|/
* Fix proxy optionsAldo Cortesi2014-04-121-2/+2
* fix issue #260Maximilian Hils2014-04-071-1/+3
* beef up error messagesMaximilian Hils2014-03-261-1/+1
* add requests to requrements, improve error loggingMaximilian Hils2014-03-191-1/+4
* fix minor version stringMaximilian Hils2014-03-191-1/+1
pan> +};
+
 static const struct rt6_info ip6_blk_hole_entry_template = {
 .dst = {
 .__refcnt = ATOMIC_INIT(1),
@@ -1576,6 +1593,11 @@ int ip6_route_add(struct fib6_config *cf
 rt->dst.output = ip6_pkt_prohibit_out;
 rt->dst.input = ip6_pkt_prohibit;
 break;
+ case RTN_POLICY_FAILED:
+ rt->dst.error = -EACCES;
+ rt->dst.output = ip6_pkt_policy_failed_out;
+ rt->dst.input = ip6_pkt_policy_failed;
+ break;
 case RTN_THROW:
 default:
 rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN
@@ -2155,6 +2177,17 @@ static int ip6_pkt_prohibit_out(struct s
 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
 }
 
+static int ip6_pkt_policy_failed(struct sk_buff *skb)
+{
+ return ip6_pkt_drop(skb, ICMPV6_POLICY_FAIL, IPSTATS_MIB_INNOROUTES);
+}
+
+static int ip6_pkt_policy_failed_out(struct sk_buff *skb)
+{
+ skb->dev = skb_dst(skb)->dev;
+ return ip6_pkt_drop(skb, ICMPV6_POLICY_FAIL, IPSTATS_MIB_OUTNOROUTES);
+}
+
 /*
 * Allocate a dst for local (unicast / anycast) address.
 */
@@ -2357,7 +2390,8 @@ static int rtm_to_fib6_config(struct sk_
 if (rtm->rtm_type == RTN_UNREACHABLE ||
 rtm->rtm_type == RTN_BLACKHOLE ||
 rtm->rtm_type == RTN_PROHIBIT ||
- rtm->rtm_type == RTN_THROW)
+ rtm->rtm_type == RTN_THROW ||
+ rtm->rtm_type == RTN_POLICY_FAILED)
 cfg->fc_flags |= RTF_REJECT;
 
 if (rtm->rtm_type == RTN_LOCAL)
@@ -2559,6 +2593,9 @@ static int rt6_fill_node(struct net *net
 case -EACCES:
 rtm->rtm_type = RTN_PROHIBIT;
 break;
+ case -EPERM:
+ rtm->rtm_type = RTN_POLICY_FAILED;
+ break;
 case -EAGAIN:
 rtm->rtm_type = RTN_THROW;
 break;
@@ -2809,6 +2846,8 @@ static int ip6_route_dev_notify(struct n
 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
 net->ipv6.ip6_prohibit_entry->dst.dev = dev;
 net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
+ net->ipv6.ip6_policy_failed_entry->dst.dev = dev;
+ net->ipv6.ip6_policy_failed_entry->rt6i_idev = in6_dev_get(dev);
 net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
 net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
 #endif
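Review bot: The new `case RTN_POLICY_FAILED:` in ip6_route_add stores `rt->dst.error = -EACCES`, but the rt6_fill_node hunk reports `-EACCES` as RTN_PROHIBIT and only `-EPERM` as RTN_POLICY_FAILED. As written, a route installed with the new type would be dumped back over netlink as a prohibit route, so anyone auditing the table cannot tell which ICMPv6 rejection is actually in effect. The two hunks should agree on one errno, for example `rt->dst.error = -EPERM;` in ip6_route_add. The `.error` field of ip6_policy_failed_entry_template lies outside the visible lines and should be checked against the same value. Both function bodies continue outside their hunks.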
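Review bot: The added `in6_dev_get(dev)` in ip6_route_dev_notify takes a reference on the inet6_dev and can return NULL, and nothing in the visible lines checks the result or releases the reference; the ip6_route_init hunk adds the same call for `init_net.loopback_dev`. This mirrors the existing prohibit and blackhole entries, so the release may live elsewhere, but neither hunk shows it. At minimum add a comment such as `/* holds a reference on the idev; dropped in PLACEHOLDER_RELEASE_PATH */` and confirm that path also handles the new entry. Both functions continue outside their hunks.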
@@ -3025,6 +3064,17 @@ static int __net_init ip6_route_net_init
 net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
 dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
 ip6_template_metrics, true);
+
+ net->ipv6.ip6_policy_failed_entry =
+ kmemdup(&ip6_policy_failed_entry_template,
+ sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL);
+ if (!net->ipv6.ip6_policy_failed_entry)
+ goto out_ip6_blk_hole_entry;
+ net->ipv6.ip6_policy_failed_entry->dst.path =
+ (struct dst_entry *)net->ipv6.ip6_policy_failed_entry;
+ net->ipv6.ip6_policy_failed_entry->dst.ops = &net->ipv6.ip6_dst_ops;
+ dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst,
+ ip6_template_metrics, true);
 #endif
 
 net->ipv6.sysctl.flush_delay = 0;
@@ -3043,6 +3093,8 @@ out:
 return ret;
 
 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
+out_ip6_blk_hole_entry:
+ kfree(net->ipv6.ip6_blk_hole_entry);
 out_ip6_prohibit_entry:
 kfree(net->ipv6.ip6_prohibit_entry);
 out_ip6_null_entry:
@@ -3060,6 +3112,7 @@ static void __net_exit ip6_route_net_exi
 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
 kfree(net->ipv6.ip6_prohibit_entry);
 kfree(net->ipv6.ip6_blk_hole_entry);
+ kfree(net->ipv6.ip6_policy_failed_entry);
 #endif
 dst_entries_destroy(&net->ipv6.ip6_dst_ops);
 }
@@ -3156,6 +3209,9 @@ int __init ip6_route_init(void)
 init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
 init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
 init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
+ init_net.ipv6.ip6_policy_failed_entry->dst.dev = init_net.loopback_dev;
+ init_net.ipv6.ip6_policy_failed_entry->rt6i_idev =
+ in6_dev_get(init_net.loopback_dev);
 #endif
 ret = fib6_init();
 if (ret)
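Review bot: The unwind added for ip6_policy_failed_entry in ip6_route_net_init only covers failure of its own `kmemdup`; the new `out_ip6_blk_hole_entry:` label frees the blackhole entry but no label frees the policy-failed entry itself. That is fine if nothing after the `#endif` can fail, but the rest of the function is outside the hunk, so confirm it. Any later failure path would need an `out_ip6_policy_failed_entry:` label placed ahead of `out_ip6_blk_hole_entry:`. As a style point, this is now the third copy of the kmemdup / `dst.path` / `dst.ops` / `dst_init_metrics` sequence visible here, and a small static helper taking the template and the destination pointer would keep the copies from drifting apart.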