authorRoger Dingledine <arma@torproject.org>2002-06-26 22:45:49 +0000
committerRoger Dingledine <arma@torproject.org>2002-06-26 22:45:49 +0000
commit9a928eeb1215f0d7c9b6d0bb9e4571d0a16ed79a (patch)
treefac560bf2dce8a8d2b82e296b71ff24f59ab1a7a /src/httpap
parent766a465a6043ac4e643c398feb14f708fd0d863f (diff)
Initial revision
svn:r2
Diffstat (limited to 'src/httpap')
-rw-r--r--src/httpap/Makefile99
-rw-r--r--src/httpap/http.c194
-rw-r--r--src/httpap/http.h46
-rw-r--r--src/httpap/httpap.c702
-rw-r--r--src/httpap/httpap.h33
5 files changed, 1074 insertions, 0 deletions
diff --git a/src/httpap/Makefile b/src/httpap/Makefile
new file mode 100644
index 000000000..bb16e1ad4
--- /dev/null
+++ b/src/httpap/Makefile
@@ -0,0 +1,99 @@
+SRC=httpap.c http.c
+OBJ=${SRC:.c=.o}
+PROGS=httpap
+LIB=
+LIBS=
+INCLUDE =
+
+CFLAGS= $(INCLUDE) -Wall -Wpointer-arith -O2 -ggdb
+LDFLAGS = $(LIB) $(LIBS)
+
+all: ${PROGS}
+
+clean:
+ rm -f *.o ${PROGS}
+
+depend:
+ makedepend -- ${CFLAGS} -- ${SRC}
+
+httpap: ${OBJ}
+ $(LINK.c) -o $@ $(OBJ) ../common/log.o ../common/config.o ../common/utils.o
+
+# DO NOT DELETE
+
+
+httpap.o: ../common/config.h ../common/log.h ../common/ss.h ../common/utils.h
+httpap.o: ../common/version.h httpap.h http.h /usr/include/alloca.h
+httpap.o: /usr/include/arpa/inet.h /usr/include/asm/errno.h
+httpap.o: /usr/include/asm/sigcontext.h /usr/include/asm/socket.h
+httpap.o: /usr/include/asm/sockios.h /usr/include/bits/byteswap.h
+httpap.o: /usr/include/bits/confname.h /usr/include/bits/endian.h
+httpap.o: /usr/include/bits/environments.h /usr/include/bits/errno.h
+httpap.o: /usr/include/bits/in.h /usr/include/bits/local_lim.h
+httpap.o: /usr/include/bits/netdb.h /usr/include/bits/posix1_lim.h
+httpap.o: /usr/include/bits/posix2_lim.h /usr/include/bits/posix_opt.h
+httpap.o: /usr/include/bits/pthreadtypes.h /usr/include/bits/resource.h
+httpap.o: /usr/include/bits/sched.h /usr/include/bits/select.h
+httpap.o: /usr/include/bits/sigaction.h /usr/include/bits/sigcontext.h
+httpap.o: /usr/include/bits/siginfo.h /usr/include/bits/signum.h
+httpap.o: /usr/include/bits/sigset.h /usr/include/bits/sigstack.h
+httpap.o: /usr/include/bits/sigthread.h /usr/include/bits/sockaddr.h
+httpap.o: /usr/include/bits/socket.h /usr/include/bits/stdio_lim.h
+httpap.o: /usr/include/bits/time.h /usr/include/bits/types.h
+httpap.o: /usr/include/bits/uio.h /usr/include/bits/waitflags.h
+httpap.o: /usr/include/bits/waitstatus.h /usr/include/bits/wchar.h
+httpap.o: /usr/include/bits/wordsize.h /usr/include/bits/xopen_lim.h
+httpap.o: /usr/include/ctype.h /usr/include/endian.h /usr/include/errno.h
+httpap.o: /usr/include/features.h /usr/include/_G_config.h
+httpap.o: /usr/include/gconv.h /usr/include/getopt.h /usr/include/gnu/stubs.h
+httpap.o: /usr/include/libio.h /usr/include/limits.h
+httpap.o: /usr/include/linux/errno.h /usr/include/linux/limits.h
+httpap.o: /usr/include/netdb.h /usr/include/netinet/in.h
+httpap.o: /usr/include/rpc/netdb.h /usr/include/signal.h /usr/include/stdint.h
+httpap.o: /usr/include/stdio.h /usr/include/stdlib.h /usr/include/string.h
+httpap.o: /usr/include/sys/cdefs.h /usr/include/syslog.h
+httpap.o: /usr/include/sys/resource.h /usr/include/sys/select.h
+httpap.o: /usr/include/sys/socket.h /usr/include/sys/syslog.h
+httpap.o: /usr/include/sys/sysmacros.h /usr/include/sys/time.h
+httpap.o: /usr/include/sys/types.h /usr/include/sys/ucontext.h
+httpap.o: /usr/include/sys/uio.h /usr/include/sys/un.h /usr/include/sys/wait.h
+httpap.o: /usr/include/time.h /usr/include/ucontext.h /usr/include/unistd.h
+httpap.o: /usr/include/wait.h /usr/include/wchar.h /usr/include/xlocale.h
+httpap.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/limits.h
+httpap.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/stdarg.h
+httpap.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/stddef.h
+httpap.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/syslimits.h
+http.o: ../common/log.h ../common/utils.h http.h /usr/include/alloca.h
+http.o: /usr/include/arpa/inet.h /usr/include/asm/errno.h
+http.o: /usr/include/asm/socket.h /usr/include/asm/sockios.h
+http.o: /usr/include/bits/byteswap.h /usr/include/bits/confname.h
+http.o: /usr/include/bits/endian.h /usr/include/bits/environments.h
+http.o: /usr/include/bits/errno.h /usr/include/bits/in.h
+http.o: /usr/include/bits/local_lim.h /usr/include/bits/netdb.h
+http.o: /usr/include/bits/posix1_lim.h /usr/include/bits/posix2_lim.h
+http.o: /usr/include/bits/posix_opt.h /usr/include/bits/pthreadtypes.h
+http.o: /usr/include/bits/sched.h /usr/include/bits/select.h
+http.o: /usr/include/bits/siginfo.h /usr/include/bits/sigset.h
+http.o: /usr/include/bits/sockaddr.h /usr/include/bits/socket.h
+http.o: /usr/include/bits/stdio_lim.h /usr/include/bits/time.h
+http.o: /usr/include/bits/types.h /usr/include/bits/uio.h
+http.o: /usr/include/bits/waitflags.h /usr/include/bits/waitstatus.h
+http.o: /usr/include/bits/wchar.h /usr/include/bits/wordsize.h
+http.o: /usr/include/bits/xopen_lim.h /usr/include/ctype.h
+http.o: /usr/include/endian.h /usr/include/errno.h /usr/include/features.h
+http.o: /usr/include/_G_config.h /usr/include/gconv.h /usr/include/getopt.h
+http.o: /usr/include/gnu/stubs.h /usr/include/libio.h /usr/include/limits.h
+http.o: /usr/include/linux/errno.h /usr/include/linux/limits.h
+http.o: /usr/include/netdb.h /usr/include/netinet/in.h
+http.o: /usr/include/rpc/netdb.h /usr/include/stdint.h /usr/include/stdio.h
+http.o: /usr/include/stdlib.h /usr/include/string.h /usr/include/sys/cdefs.h
+http.o: /usr/include/syslog.h /usr/include/sys/select.h
+http.o: /usr/include/sys/socket.h /usr/include/sys/syslog.h
+http.o: /usr/include/sys/sysmacros.h /usr/include/sys/time.h
+http.o: /usr/include/sys/types.h /usr/include/sys/uio.h /usr/include/sys/un.h
+http.o: /usr/include/time.h /usr/include/unistd.h /usr/include/wchar.h
+http.o: /usr/include/xlocale.h
+http.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/limits.h
+http.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/stdarg.h
+http.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/stddef.h
+http.o: /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/syslimits.h
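Review bot: The `httpap` link rule uses `../common/log.o ../common/config.o ../common/utils.o` in its recipe but lists only `${OBJ}` as prerequisites, so make neither checks that those objects exist nor relinks when they change. Listing them on the rule line (`httpap: ${OBJ} ../common/log.o ../common/config.o ../common/utils.o`) and linking `$^` would close that gap. The makedepend output committed below `# DO NOT DELETE` names host-specific headers such as `/usr/lib/gcc-lib/i386-redhat-linux/2.96/include/stddef.h`; on a machine without those paths make will likely stop on a missing prerequisite until `make depend` is re-run, so that section is better generated than checked in. `all`, `clean` and `depend` are also not declared `.PHONY`.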
diff --git a/src/httpap/http.c b/src/httpap/http.c
new file mode 100644
index 000000000..09116cec7
--- /dev/null
+++ b/src/httpap/http.c
@@ -0,0 +1,194 @@
+/*
+ * http.c
+ * HTTP parsers.
+ *
+ * Matej Pfajfar <mp292@cam.ac.uk>
+ */
+
+/*
+ * Changes :
+ * $Log$
+ * Revision 1.1 2002/06/26 22:45:50 arma
+ * Initial revision
+ *
+ * Revision 1.2 2002/04/02 14:27:33 badbytes
+ * Final finishes.
+ *
+ * Revision 1.1 2002/03/12 23:46:14 mp292
+ * HTTP-related routines.
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "../common/log.h"
+#include "../common/utils.h"
+
+#include "http.h"
+
+int http_get_line(int s, unsigned char **line, size_t *len, struct timeval *conn_tout)
+{
+ int retval =0; /* function return value */
+ unsigned char buf[HTTPAP_MAXLEN]; /* line buffer */
+ unsigned int buflen = 0; /* length of the received data */
+ char got_cr = 0; /* received a CR character and hence expecting a LF */
+ unsigned char c; /* input character */
+
+ if (!line || !len) /* invalid parameters */
+ return -1;
+
+ while(1)
+ {
+ retval = read_tout(s, &c, 1, MSG_WAITALL, conn_tout);
+ if (retval < 1)
+ return -1;
+
+ if (buflen >= HTTPAP_MAXLEN)
+ return -1;
+
+ buf[buflen++] = c;
+
+ if (got_cr)
+ {
+ if (c != HTTPAP_LF)
+ return -1;
+ else
+ break;
+ }
+ else
+ {
+ if (c == HTTPAP_CR)
+ got_cr = 1;
+ }
+ }
+
+ *len = buflen;
+ if (buflen)
+ {
+ *line = (unsigned char *)malloc(buflen+1);
+ if (!*line)
+ return -1;
+ else
+ {
+ memcpy((void *)*line,(void *)buf,buflen);
+ (*line)[buflen] = 0; /* add the terminating null character */
+ }
+ }
+ else
+ *line = NULL;
+
+ return 0;
+}
+
+int http_get_version(unsigned char *rl, unsigned char **http_ver)
+{
+ unsigned char *start;
+ unsigned char *end;
+
+ if (!rl || !http_ver) /* invalid parameters */
+ return -1;
+
+ start = strrchr(rl, ' ');
+ if (!start)
+ return -1;
+
+ end = strrchr(rl, HTTPAP_CR);
+ if (!end)
+ return -1;
+
+ start++;
+ *http_ver = (unsigned char *)malloc(end-start+1);
+ if (!*http_ver)
+ return -1;
+
+ strncpy(*http_ver, start, end-start);
+ (*http_ver)[end-start] = 0; /* terminating NULL character */
+
+ return 0;
+}
+
+int http_get_dest(unsigned char *rl, unsigned char **addr, unsigned char **port)
+{
+ unsigned char *start;
+ unsigned char *end;
+ unsigned char *colon;
+
+ if (!rl || !addr || !port) /* invalid parameters */
+ return -1;
+
+ start = strchr(rl, ' ');
+ if (!start)
+ return -1;
+ start++;
+ /* make sure this is really an http:// address */
+ if (strncmp(start,"http://",7))
+ return -1;
+
+ start += 7;
+
+ end = strchr(start,'/');
+ if (!end)
+ return -1;
+
+ /* check for a :port in the address */
+ colon = strchr(start,':');
+ if (colon)
+ {
+ colon++;
+ *port = (unsigned char *)malloc(end-colon+1);
+ if (!*port)
+ return -1;
+ strncpy(*port,colon, end-colon);
+ (*port)[end-colon] = 0; /* terminating NULL character */
+ end = colon-1;
+ }
+ else
+ *port = NULL;
+
+ /* extract the server address */
+ *addr = (unsigned char *)malloc(end-start+1);
+ if (!*addr)
+ {
+ if (*port)
+ free((void *)*port);
+ return -1;
+ }
+ strncpy(*addr,start, end-start);
+ (*addr)[end-start] = 0; /* terminating NULL character */
+
+ return 0;
+}
+
+int http_get_header_name(unsigned char *rl, unsigned char **hname)
+{
+ unsigned char *end;
+
+ if (!rl || !hname) /* invalid parameters */
+ return -1;
+
+ end = strchr(rl, ':');
+ if (!end)
+ return -1;
+
+ *hname = (unsigned char *)malloc(end-rl+1);
+ if (!*hname)
+ return -1;
+
+ strncpy(*hname,rl,end-rl);
+ (*hname)[end-rl] = 0;
+
+ return 0;
+}
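Review bot: In `http_get_dest` the port search is not limited to the host part of the URL: `colon = strchr(start,':')` can match a colon that sits after the first `/`, and then `end-colon` is negative when it is handed to `malloc` and `strncpy` as a length. The request line comes straight from the client socket, so this is reachable with untrusted input; guard it with `if (colon && colon < end)` so a colon in the path is treated as "no port given". The same function frees `*port` when the `*addr` allocation fails but leaves the pointer set; adding `*port = NULL;` after the `free` keeps a caller from touching it. A short comment above each parser stating that the output buffers are malloc'd and owned by the caller would also help, since none of them documents that.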
diff --git a/src/httpap/http.h b/src/httpap/http.h
new file mode 100644
index 000000000..cc2d20ccf
--- /dev/null
+++ b/src/httpap/http.h
@@ -0,0 +1,46 @@
+/*
+ * http.h
+ * HTTP parsers.
+ *
+ * Matej Pfajfar <mp292@cam.ac.uk>
+ */
+
+/*
+ * Changes :
+ * $Log$
+ * Revision 1.1 2002/06/26 22:45:50 arma
+ * Initial revision
+ *
+ * Revision 1.2 2002/04/02 14:27:33 badbytes
+ * Final finishes.
+ *
+ * Revision 1.1 2002/03/12 23:46:14 mp292
+ * HTTP-related routines.
+ *
+ */
+
+#define HTTPAP_MAXLEN 1024 /* maximum length of a line */
+
+#define HTTPAP_CR '\015'
+#define HTTPAP_LF '\012'
+#define HTTPAP_CRLF "\015\012"
+
+#define HTTPAP_VERSION "HTTP/1.0"
+
+#define HTTPAP_STATUS_LINE_FORBIDDEN HTTPAP_VERSION " 403 Only local connections are allowed." HTTPAP_CRLF
+#define HTTPAP_STATUS_LINE_VERSION_NOT_SUPPORTED HTTPAP_VERSION " 505 Only HTTP/1.0 is supported." HTTPAP_CRLF
+#define HTTPAP_STATUS_LINE_UNAVAILABLE HTTPAP_VERSION " 503 Connection to the server failed." HTTPAP_CRLF
+#define HTTPAP_STATUS_LINE_BAD_REQUEST HTTPAP_VERSION " 400 Invalid syntax." HTTPAP_CRLF
+#define HTTPAP_STATUS_LINE_UNEXPECTED HTTPAP_VERSION " 500 Internal server error." HTTPAP_CRLF
+
+#define HTTPAP_HEADER_PROXY_CONNECTION "Proxy-Connection"
+#define HTTPAP_HEADER_USER_AGENT "User-Agent"
+#define HTTPAP_HEADER_REFERER "Referer"
+
+int http_get_line(int s, unsigned char **line, size_t *len, struct timeval *conn_tout);
+
+int http_get_version(unsigned char *rl, unsigned char **http_ver);
+
+int http_get_dest(unsigned char *rl, unsigned char **addr, unsigned char **port);
+
+int http_get_header_name(unsigned char *rl, unsigned char **hname);
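Review bot: http.h has no include guard and does not include what its own prototypes need: `http_get_line` takes `size_t *` and `struct timeval *`, so the header only compiles when the including file has already pulled in `<sys/types.h>` and `<sys/time.h>`. Wrapping the file in an `#ifndef`/`#define`/`#endif` guard (httpap.h in this commit already does this) and adding those two includes makes it self-contained. The prototypes would also benefit from a comment saying that each output pointer is malloc'd and must be freed by the caller, and that the line returned by `http_get_line` is NUL-terminated but still carries its trailing CRLF.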
diff --git a/src/httpap/httpap.c b/src/httpap/httpap.c
new file mode 100644
index 000000000..dbcb2e630
--- /dev/null
+++ b/src/httpap/httpap.c
@@ -0,0 +1,702 @@
+/**
+ * httpap.c
+ * HTTP Application Proxy for Onion Routing
+ *
+ * Matej Pfajfar <mp292@cam.ac.uk>
+ */
+
+/*
+ * Changes :
+ * $Log$
+ * Revision 1.1 2002/06/26 22:45:50 arma
+ * Initial revision
+ *
+ * Revision 1.4 2002/06/14 20:45:26 mp292
+ * Extra debugging message.
+ *
+ * Revision 1.3 2002/04/02 14:27:33 badbytes
+ * Final finishes.
+ *
+ * Revision 1.2 2002/03/12 23:40:58 mp292
+ * Tested.
+ *
+ * Revision 1.1 2002/03/11 00:21:53 mp292
+ * Coding completed. Pending testing.
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <signal.h>
+#include <wait.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "../common/log.h"
+#include "../common/config.h"
+#include "../common/ss.h"
+#include "../common/utils.h"
+#include "../common/version.h"
+
+#include "httpap.h"
+#include "http.h"
+
+int loglevel = LOG_ERR;
+struct timeval conn_tout;
+struct timeval *conn_toutp = &conn_tout;
+
+/* valid command-line options */
+static const char *args = "hf:p:l:";
+
+/* valid config file options */
+static config_opt_t options[] =
+{
+ {"OnionProxy", CONFIG_TYPE_INT, {0}, 0},
+ {"MaxConn", CONFIG_TYPE_INT, {0}, 0},
+ {"Anonimize", CONFIG_TYPE_INT, {0}, 0},
+ {"ConnTimeout", CONFIG_TYPE_INT, {0}, 0},
+ {0}
+};
+enum opts {
+ OnionProxy=0,MaxConn, Anonimize, ConnTimeout
+};
+
+/* number of open connections */
+int connections=0;
+
+/* prints help on using httpap */
+void print_usage()
+{
+ char *program = "httpap";
+
+ printf("\n%s - HTTP application proxy for Onion Routing.\nUsage : %s -f config [-p port -l loglevel -h]\n-h : display this help\n-f config : config file\n-p port : port number which %s should bind to\n-l loglevel : logging threshold; one of alert|crit|err|warning|notice|info|debug\n\n", program,program,program);
+}
+
+/* used for reaping zombie processes */
+void sigchld_handler(int s)
+{
+ while (wait(NULL) > 0);
+ connections--;
+}
+
+int handle_connection(int new_sock, struct hostent *local, struct sockaddr_in remote, uint16_t op_port)
+{
+ int retval = 0;
+ int i;
+ char islocal = 0; /* is the accepted connection local? */
+
+ char *cp; /* character pointer used for checking whether the connection is local */
+
+ unsigned char *line; /* one line of input */
+ int len; /* length of the line */
+
+ unsigned char *http_ver; /* HTTP version of the incoming request */
+ unsigned char *addr; /* destination address */
+ unsigned char *port; /* destination port */
+ unsigned char *header_name; /* name of a request header */
+
+ uint16_t portn; /* destination port converted into an integer */
+ char *errtest; /* error check when converting the port into an integer */
+
+ ss_t ss; /* standard structure */
+ unsigned char errcode; /* error code returned by the onion proxy */
+
+ int sop; /* socket for connecting to the onion proxy */
+ struct sockaddr_in op_addr; /* onion proxy address */
+
+ /* for use with select() */
+ fd_set mask,rmask;
+ int maxfd;
+
+ unsigned char buf[1024]; /* data buffer */
+
+ log(LOG_DEBUG, "handle_connection() : Local address = %s.", inet_ntoa(*(struct in_addr *)local->h_addr));
+ log(LOG_DEBUG, "handle_connection() : Remote address = %s.", inet_ntoa(remote.sin_addr));
+
+ /* first check that the connection is from the local host, otherwise it will be rejected */
+ if (*(uint32_t *)&remote.sin_addr == inet_addr("127.0.0.1"))
+ islocal = 1;
+ for (i=0; (local->h_addr_list[i] != NULL) && (!islocal); i++)
+ {
+ cp = local->h_addr_list[i];
+ log(LOG_DEBUG,"handle_connection() : Checking if connection is from address %s.",inet_ntoa(*(struct in_addr *)cp));
+ if (!memcmp(&remote.sin_addr, cp, sizeof(struct in_addr)))
+ islocal = 1;
+ }
+
+ /* bypass this check for testing purposes */
+ islocal = 1;
+
+ /* reject a non-local connection */
+ if (!islocal)
+ {
+ close(new_sock);
+ return 0;
+ }
+
+ /* get the request-line */
+ retval = http_get_line(new_sock, &line, &len, conn_toutp);
+ if (retval == -1)
+ {
+ log(LOG_DEBUG,"handle_connection : Malformed input or connection lost.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_BAD_REQUEST, strlen(HTTPAP_STATUS_LINE_BAD_REQUEST), conn_toutp);
+ close(new_sock);
+ return -1;
+ }
+ log(LOG_DEBUG,"handle_connection : Received this from client : %s.", line);
+
+ /* check the HTTP version */
+ retval = http_get_version(line, &http_ver);
+ if (retval == -1)
+ {
+ log(LOG_DEBUG,"handle_connection : Unable to extract the HTTP version of the incoming request.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_BAD_REQUEST, strlen(HTTPAP_STATUS_LINE_BAD_REQUEST), conn_toutp);
+ return -1;
+ }
+ log(LOG_DEBUG,"handle_connection : Client's version is : %s.",http_ver);
+ if (strcmp(http_ver, HTTPAP_VERSION)) /* not supported */
+ {
+ log(LOG_DEBUG,"handle_connection : Client's version is %s, I only support HTTP/1.0.",http_ver);
+ write_tout(new_sock, HTTPAP_STATUS_LINE_VERSION_NOT_SUPPORTED, strlen(HTTPAP_STATUS_LINE_VERSION_NOT_SUPPORTED), conn_toutp);
+ return -1;
+ }
+ free((void *)http_ver);
+
+ /* extract the destination address and port */
+ retval = http_get_dest(line, &addr, &port);
+ if (retval == -1)
+ {
+ log(LOG_DEBUG,"handle_connection : Unable to extract destination address and port number.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_BAD_REQUEST, strlen(HTTPAP_STATUS_LINE_BAD_REQUEST), conn_toutp);
+ return -1;
+ }
+ if (!port) /* no destination port specified, assume the default */
+ {
+ port = (unsigned char *)malloc(6);
+ if (!port)
+ {
+ log(LOG_ERR,"Insufficient memory.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNEXPECTED, strlen(HTTPAP_STATUS_LINE_UNEXPECTED), conn_toutp);
+ return -1;
+ }
+ snprintf(port,6,"%u",htons(HTTPAP_DEFAULT_HTTP_PORT));
+ }
+ else
+ {
+ log(LOG_DEBUG,"handle_connection() : Destination address is %s.",addr);
+ log(LOG_DEBUG,"handle_connection() : Destination port is %s.",port);
+
+ /* conver the port to an integer */
+ portn = (uint16_t)strtoul(port,&errtest,0);
+ if ((*port == '\0') || (*errtest != '\0')) /* port conversion was unsuccessful */
+ {
+ log(LOG_DEBUG,"handle_connection : Unable to convert destination port.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_BAD_REQUEST, strlen(HTTPAP_STATUS_LINE_BAD_REQUEST), conn_toutp);
+ return -1;
+ }
+
+ /* convert to network order and write back to a string */
+ free((void *)port);
+ port = (unsigned char *)malloc(6);
+ if (!port)
+ {
+ log(LOG_ERR,"Insufficient memory.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNEXPECTED, strlen(HTTPAP_STATUS_LINE_UNEXPECTED), conn_toutp);
+ return -1;
+ }
+
+ snprintf(port,6,"%u",htons(portn));
+ }
+
+ /* create a standard structure */
+ ss.version = VERSION;
+ ss.protocol = SS_PROTOCOL_HTTP;
+ ss.retry_count = 0;
+ ss.addr_fmt = SS_ADDR_FMT_ASCII_HOST_PORT;
+
+ /* open a socket for connecting to the proxy */
+ sop = socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
+ if (sop < 0)
+ {
+ log(LOG_DEBUG,"handle_connection() : Error opening socket.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNEXPECTED, strlen(HTTPAP_STATUS_LINE_UNEXPECTED), conn_toutp);
+ return -1;
+ }
+
+ log(LOG_DEBUG,"handle_connection() : Socket opened.");
+ memset((void *)&op_addr,0,sizeof(op_addr)); /* clear the structure first */
+ /* set up the sockaddr_in structure */
+ op_addr.sin_family=AF_INET;
+ op_addr.sin_port=htons(op_port);
+ memcpy((void *)&op_addr.sin_addr,local->h_addr,local->h_length);
+ log(LOG_DEBUG,"handle_connection() : Trying to connect to %s at port %u.",inet_ntoa(*((struct in_addr *)local->h_addr)),op_port);
+
+ /* try to connect */
+ retval = connect(sop,(struct sockaddr *)&op_addr,sizeof(op_addr));
+ if (retval == -1)
+ {
+ log(LOG_DEBUG,"handle_connection() : Connection to the onion proxy failed.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(sop);
+ return -1;
+ }
+
+ /* send the standard structure and the destination address+port */
+ retval = write_tout(sop,(unsigned char *)&ss, sizeof(ss), conn_toutp);
+ if (retval < sizeof(ss))
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(sop);
+ return -1;
+ }
+ retval = write_tout(sop,addr,strlen(addr)+1, conn_toutp);
+ if (retval < strlen(addr)+1)
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(sop);
+ return -1;
+ }
+ retval = write_tout(sop,port,strlen(port)+1, conn_toutp);
+ if (retval < strlen(port)+1)
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(sop);
+ return -1;
+ }
+
+ /* wait for a return code */
+ retval = read_tout(sop, &errcode, 1, MSG_WAITALL, conn_toutp);
+ if (retval < 1)
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(sop);
+ return -1;
+ }
+
+ if (!errcode) /* onion proxy says OK */
+ {
+ /* send the request-line */
+ retval = write_tout(sop, line, strlen(line), conn_toutp);
+ if (retval < strlen(line))
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(new_sock);
+ return -1;
+ }
+ free((void *)line);
+
+ /* read the request headers (if any) and sanitize if necessary */
+ while(1)
+ {
+ retval = http_get_line(new_sock, &line, &len, conn_toutp);
+ if (retval == -1)
+ {
+ log(LOG_DEBUG,"handle_connection() : Malformed input or connection lost.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_BAD_REQUEST, strlen(HTTPAP_STATUS_LINE_BAD_REQUEST), conn_toutp);
+ close(new_sock);
+ return -1;
+ }
+ log(LOG_DEBUG,"handle_connection() : Received this from client : %s.", line);
+
+ if (len == 2) /* empty line (CRLF only) signifying the end of headers */
+ {
+ log(LOG_DEBUG,"handle_connection() : Empty line received.");
+ retval = write_tout(sop,line,strlen(line),conn_toutp);
+ if (retval < strlen(line))
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(new_sock);
+ return -1;
+ }
+ free((void *)line);
+ break;
+ }
+ else /* process the header */
+ {
+ retval = http_get_header_name(line, &header_name);
+ if (retval == -1)
+ {
+ log(LOG_DEBUG,"handle_connection : Unable to extract header name.");
+ write_tout(new_sock, HTTPAP_STATUS_LINE_BAD_REQUEST, strlen(HTTPAP_STATUS_LINE_BAD_REQUEST), conn_toutp);
+ return -1;
+ }
+ log(LOG_DEBUG,"handle_connection : Identified the header as %s.", header_name);
+
+ /* discard the Proxy-Connection header */
+ if (!strcmp(header_name,HTTPAP_HEADER_PROXY_CONNECTION))
+ free((void *)line);
+ else if (options[Anonimize].r.i) /* did the user request anonimization? */
+ {
+ if (!strcmp(header_name,HTTPAP_HEADER_USER_AGENT))
+ free((void *)line);
+ else if (!strcmp(header_name, HTTPAP_HEADER_REFERER))
+ free((void *)line);
+ else
+ {
+ retval = write_tout(sop, line, strlen(line), conn_toutp);
+ if (retval < strlen(line))
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(new_sock);
+ return -1;
+ }
+ }
+ }
+ else
+ {
+ retval = write_tout(sop, line, strlen(line), conn_toutp);
+ if (retval < strlen(line))
+ {
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNAVAILABLE, strlen(HTTPAP_STATUS_LINE_UNAVAILABLE), conn_toutp);
+ close(new_sock);
+ return -1;
+ }
+ }
+
+ free((void *)header_name);
+ }
+ }
+
+ /* forward data in both directions until one of the principals closes it */
+ /* set up for select() */
+ log(LOG_DEBUG,"Header processed, forwarding data in both directions.");
+ FD_ZERO(&mask);
+ FD_ZERO(&rmask);
+ FD_SET(new_sock, &mask);
+ FD_SET(sop, &mask);
+ if (sop > new_sock)
+ maxfd = sop;
+ else
+ maxfd = new_sock;
+
+ while(1)
+ {
+ rmask = mask;
+ retval = select(maxfd+1,&rmask,NULL,NULL,NULL);
+ if (retval < 0)
+ {
+ log(LOG_DEBUG,"handle_connection() : select() returned a negative integer");
+ break;
+ }
+
+ if (FD_ISSET(sop,&rmask)) /* data from the onion proxy */
+ {
+ retval = read_tout(sop,buf,1024,0,conn_toutp);
+ if (retval <= 0)
+ {
+ log(LOG_DEBUG,"handle_connection : Conection to the onion proxy lost.");
+ close(sop);
+ close(new_sock);
+ break;
+ }
+ log(LOG_DEBUG,"handle_connection() : Received %u bytes from the onion proxy.",retval);
+
+ retval = write_tout(new_sock, buf, retval, conn_toutp);
+ if (retval <= 0)
+ {
+ log(LOG_DEBUG, "handle_connection : Connection to the client lost.");
+ close(sop);
+ close(new_sock);
+ break;
+ }
+ }
+
+ if (FD_ISSET(new_sock, &rmask))
+ {
+ retval = read_tout(new_sock,buf,1024,0,conn_toutp);
+ if (retval <= 0)
+ {
+ log(LOG_DEBUG,"handle_connection : Conection to the client lost.");
+ close(sop);
+ close(new_sock);
+ break;
+ }
+ log(LOG_DEBUG,"handle_connection() : Received %u bytes from the client.",retval);
+
+ retval = write_tout(sop, buf, retval, conn_toutp);
+ if (retval <= 0)
+ {
+ log(LOG_DEBUG, "handle_connection : Connection to the onion proxy lost.");
+ close(sop);
+ close(new_sock);
+ break;
+ }
+ }
+ }
+
+ }
+ else
+ {
+ log(LOG_DEBUG,"handle_connection() : Onion proxy returned a non-zero error code (%d)!", errcode);
+ write_tout(new_sock, HTTPAP_STATUS_LINE_UNEXPECTED, strlen(HTTPAP_STATUS_LINE_UNEXPECTED), conn_toutp);
+ close(sop);
+ return -1;
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int retval = 0;
+
+ char c; /* command-line option */
+
+ /* configuration file */
+ char *conf_filename = NULL;
+ FILE *cf = NULL;
+
+ struct hostent *local_host;
+ char local_hostname[512];
+
+ struct sockaddr_in local, remote; /* local and remote address info */
+
+ int request_sock; /* where we listen for connections */
+ int new_sock; /* for accepted connections */
+
+ size_t sin_size; /* for accept() calls */
+
+ u_short p; /* http proxy port */
+ u_short op_port; /* onion proxy port */
+
+ /* used for reaping zombie processes */
+ struct sigaction sa;
+
+ char *errtest = NULL; /* for detecting strtoul() errors */
+
+ /* set default listening port */
+ p = htons(HTTPAP_LISTEN_PORT);
+
+ /* deal with program arguments */
+ if ((argc < 2) && (argc > 5)) /* to few or too many arguments*/
+ {
+ print_usage();
+ return -1;
+ }
+
+ opterr = 0;
+ while ((c = getopt(argc,argv,args)) != -1)
+ {
+ switch(c)
+ {
+ case 'f': /* config file */
+ conf_filename = optarg;
+ break;
+ case 'p':
+ p = htons((u_short)strtoul(optarg,&errtest,0));
+ if (errtest == optarg) /* error */
+ {
+ log(LOG_ERR,"Error : -p must be followed by an unsigned positive integer value.");
+ print_usage();
+ return -1;
+ }
+ break;
+ case 'h':
+ print_usage();
+ return 0;
+ break;
+ case 'l':
+ if (!strcmp(optarg,"emerg"))
+ loglevel = LOG_EMERG;
+ else if (!strcmp(optarg,"alert"))
+ loglevel = LOG_ALERT;
+ else if (!strcmp(optarg,"crit"))
+ loglevel = LOG_CRIT;
+ else if (!strcmp(optarg,"err"))
+ loglevel = LOG_ERR;
+ else if (!strcmp(optarg,"warning"))
+ loglevel = LOG_WARNING;
+ else if (!strcmp(optarg,"notice"))
+ loglevel = LOG_NOTICE;
+ else if (!strcmp(optarg,"info"))
+ loglevel = LOG_INFO;
+ else if (!strcmp(optarg,"debug"))
+ loglevel = LOG_DEBUG;
+ else
+ {
+ log(LOG_ERR,"Error : argument to -l must be one of alert|crit|err|warning|notice|info|debug.");
+ print_usage();
+ return -1;
+ }
+ break;
+ case '?':
+ if (isprint(c))
+ log(LOG_ERR,"Missing argument or unknown option '-%c'.",optopt);
+ else
+ log(LOG_ERR,"Unknown option character 'x%x'.",optopt);
+ print_usage();
+ return -1;
+ break;
+ default:
+ abort();
+ }
+ }
+
+ /* the -f option is mandatory */
+ if (conf_filename == NULL)
+ {
+ log(LOG_ERR,"You must specify a config file with the -f option. See help (-h).");
+ return -1;
+ }
+
+ /* load config file */
+ cf = open_config(conf_filename);
+ if (!cf)
+ {
+ log(LOG_ERR,"Could not open configuration file %s.",conf_filename);
+ return -1;
+ }
+ retval = parse_config(cf,options);
+ if (retval)
+ return -1;
+
+ if (options[OnionProxy].err != 1)
+ {
+ log(LOG_ERR,"The OnionProxy option is mandatory.");
+ return -1;
+ }
+
+ if (options[MaxConn].err != 1)
+ {
+ log(LOG_ERR,"The MaxConn option is mandatory.");
+ return -1;
+ }
+
+ if (options[Anonimize].err != 1)
+ {
+ log(LOG_ERR,"The Anonimize option is mandatory.");
+ return -1;
+ }
+ else if ((options[Anonimize].r.i != 0) && (options[Anonimize].r.i != 1))
+ {
+ log(LOG_ERR,"The Anonimize option takes the values 1 or 0.");
+ return -1;
+ }
+
+ if (options[ConnTimeout].err != 1)
+ {
+ conn_tout.tv_sec = HTTPAP_DEFAULT_CONN_TIMEOUT;
+ }
+ else
+ {
+ if (!options[ConnTimeout].r.i)
+ conn_toutp = NULL;
+ else
+ conn_tout.tv_sec = options[ConnTimeout].r.i;
+ }
+ conn_tout.tv_usec = 0;
+
+ op_port = (u_short)options[OnionProxy].r.i;
+
+ /* get local address so that we know where to get the onion proxy when we need it */
+ retval = gethostname(local_hostname, (size_t)512);
+ if (retval < 0)
+ {
+ log(LOG_ERR,"Error getting local hostname");
+ return -1;
+ }
+ local_host = gethostbyname(local_hostname);
+ if (!local_host)
+ {
+ log(LOG_ERR,"Error getting local address.");
+ return -1;
+ }
+ log(LOG_DEBUG,"main() : Got local address : %s.",local_hostname);
+
+ /* get the server up and running */
+ request_sock = socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
+ if (request_sock < 0)
+ {
+ log(LOG_ERR,"Error opening socket.");
+ return -1;
+ }
+ log(LOG_DEBUG,"Socket opened.");
+ memset((void *)&local,0,sizeof(local)); /* clear the structure first */
+ /* set up the sockaddr_in structure */
+ local.sin_family=AF_INET;
+ local.sin_addr.s_addr = INADDR_ANY;
+ local.sin_port=p;
+ /* bind it to the socket */
+ retval = bind(request_sock,(struct sockaddr *)&local, sizeof(local));
+ if (retval < 0)
+ {
+ log(LOG_ERR,"Error binding socket to local port %d.",ntohs(p));
+ return retval;
+ }
+ log(LOG_DEBUG,"Socket bound to port %d.",ntohs(p));
+ /* listen for connections */
+ retval = listen(request_sock,SOMAXCONN);
+ if (retval < 0)
+ {
+ log(LOG_ERR,"Could not listen for connections.");
+ return retval;
+ }
+ log(LOG_DEBUG,"Listening for connections.");
+ /* server should now be up and running */
+
+ /* install the signal handler for making sure zombie processes are killed */
+ sa.sa_handler = sigchld_handler;
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ retval = sigaction(SIGCHLD,&sa,NULL);
+ if (retval < 0)
+ {
+ log(LOG_ERR,"Could not install a signal handler.");
+ return -1;
+ }
+
+ /* main server loop */
+ /* I use a forking server technique - this isn't the most efficient way to do it,
+ * but it is simpler. */
+ while(1)
+ {
+ sin_size = sizeof(struct sockaddr_in);
+ new_sock = accept(request_sock,(struct sockaddr *)&remote,&sin_size);
+ if (new_sock == -1)
+ {
+ if (errno != EINTR)
+ log(LOG_ERR,"Could not accept socket connection.");
+ else
+ log(LOG_DEBUG,"Interrupt received.");
+ continue;
+ }
+ if (connections >= options[MaxConn].r.i)
+ {
+ log(LOG_NOTICE,"Number of maximum connections reached. Rejecting incoming request.");
+ close(new_sock);
+ continue;
+ }
+
+ log(LOG_DEBUG,"Accepted a connection from %s.",inet_ntoa(remote.sin_addr));
+ connections++;
+
+ if (!fork()) /* this is the child process */
+ {
+ close(request_sock); /* the child doesn't need the request socket anymore */
+
+ /* Main logic of httpap. */
+ retval = handle_connection(new_sock, local_host, remote, op_port);
+ /* End main logic */
+
+ exit(retval); /* done, exit */
+ }
+
+ close(new_sock); /* don't need this anymore */
+ }
+
+ return retval;
+
+}
+
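Review bot: The unconditional `islocal = 1;` placed after the address comparison in `handle_connection` disables the local-only check, and `main` binds the listener to `INADDR_ANY`, so as committed any host that can reach the port is accepted as a proxy client. Drop that line (or put it behind a build-time test switch that is off by default), and have the reject branch send `HTTPAP_STATUS_LINE_FORBIDDEN`, which http.h defines but this file never uses, before it closes the socket. Also in `handle_connection`, `len` is declared `int` but `&len` is passed to `http_get_line`, whose parameter is `size_t *`; where `size_t` is wider than `int` the store writes past `len`, so it should be `size_t len;`. In `main`, the argument-count test `(argc < 2) && (argc > 5)` can never be true and presumably wants `||`.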
diff --git a/src/httpap/httpap.h b/src/httpap/httpap.h
new file mode 100644
index 000000000..d15516141
--- /dev/null
+++ b/src/httpap/httpap.h
@@ -0,0 +1,33 @@
+/**
+ * http.h
+ * HTTP Application Proxy for Onion Routing
+ *
+ * Matej Pfajfar <mp292@cam.ac.uk>
+ */
+
+/*
+ * Changes :
+ * $Log$
+ * Revision 1.1 2002/06/26 22:45:50 arma
+ * Initial revision
+ *
+ * Revision 1.1 2002/03/11 00:21:53 mp292
+ * Coding completed. Pending testing.
+ *
+ */
+
+#ifndef __HTTPAP_H
+
+#define __HTTPAP_H
+
+/* default listening port */
+#define HTTPAP_LISTEN_PORT 8080
+
+/* default SMTP port */
+#define HTTPAP_DEFAULT_HTTP_PORT 80
+
+/* default connection timeout */
+#define HTTPAP_DEFAULT_CONN_TIMEOUT 120; /* 120s */
+
+#endif
+
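Review bot: `#define HTTPAP_DEFAULT_CONN_TIMEOUT 120; /* 120s */` carries a trailing semicolon inside the macro. It happens to work in `conn_tout.tv_sec = HTTPAP_DEFAULT_CONN_TIMEOUT;` but breaks any use inside an expression or argument list, so it should read `#define HTTPAP_DEFAULT_CONN_TIMEOUT 120 /* 120s */`. The file banner says `http.h` and the comment above `HTTPAP_DEFAULT_HTTP_PORT` says "default SMTP port"; both look like copy-paste leftovers and should say `httpap.h` and "default HTTP port".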