summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* fix overlapped memcpyTimo Teräs2015-06-033-3/+3
|
* sqdb-build: fix pruning to not delete locked entriesTimo Teräs2015-06-021-10/+12
|
* all: avoid garbling status messages which are sent to syslogAlex Dowad2015-05-011-1/+1
| | | | Fixed bug introduced in eb5b69d.
* filter: default path is const and thus non-writableTimo Teräs2014-11-271-3/+2
| | | | | fix crash that would happen in blob_lowercase due to trying to write rodata.
* fix missing symbols from lua moduleTimo Teräs2014-11-211-1/+1
|
* squark-filter, squark-auth-ip: avoid overflow of login_name bufferAlex Dowad2014-05-013-3/+7
|
* squark-auth-ip: don't print nulls at end of usernameAlex Dowad2014-05-012-1/+2
|
* filterdb: remove dead codeAlex Dowad2014-04-271-2/+0
|
* squark-filter: in verbose mode, report category of each processed URLAlex Dowad2014-04-271-3/+14
|
* squark-auth-ip: don't print IP addresses backwardsAlex Dowad2014-04-251-2/+2
|
* all: parse squark.conf correctly even if there is no trailing newlineAlex Dowad2014-04-251-1/+2
|
* squark-filter, squark-auth-ip: filter DB file path can be set using -d optionAlex Dowad2014-04-254-4/+10
|
* squark-filter, squark-auth-ip: config file path can be set using -c optionAlex Dowad2014-04-254-4/+10
|
* squark-filter: reject lines with invalid IP addressesAlex Dowad2014-04-251-1/+5
| | | | Input lines which contain client IPs with octets > 255 will not be processed.
* filterdb: report errorsAlex Dowad2014-04-251-5/+18
|
* authdb: report errors in adbc_refreshAlex Dowad2014-04-251-2/+6
|
* squark-filter: correctly identify URLs which use percent encodingAlex Dowad2014-04-252-1/+44
|
* squark-filter: correctly identify URLs which use ..Alex Dowad2014-04-252-1/+9
| | | | | | Previously squark-filter could be tricked into passing forbidden URLs by using /../ in the path. This bug resulted from confusion about which way to shrink/grow "blob" buffers in when canonicalizing URLs.
* squark-filter: correctly identify URLs with uppercase chars in pathAlex Dowad2014-04-253-0/+10
| | | | | squark.db stores all filtered domains/URLs in lowercase. So when querying the filter DB, we need to convert the input URL to lowercase.
* all: report errors if calls to write() failAlex Dowad2014-04-253-5/+15
| | | | This also quiets compiler warnings for "ignored return values".
* authdb: report errors in authdb_me_openAlex Dowad2014-04-251-3/+16
|
* all: unified framework for reporting errors/warnings/info messages to ↵Alex Dowad2014-04-257-64/+167
| | | | stderr/syslog
* squark-auth-ip: don't segfault if there is an error in the auth DBAlex Dowad2014-04-251-1/+1
|
* squark-filter: don't segfault if there is an error in the auth DBAlex Dowad2014-04-251-22/+27
| | | | [tt] renamed .htm to .html
* all: fix #includes for strict complianceTimo Teräs2013-12-193-2/+4
|
* auth-snmp: use ifIndex as ifName if that MIB entry is not supportTimo Teräs2013-02-261-13/+43
| | | | E.g. HP ProCurve 1800 does not seem to support ifName.
* auth-snmp: allow specifying management network prefixTimo Teräs2013-02-065-16/+101
| | | | | So we don't go and try querying untrusted LLDP capable devices in non-managed subnets.
* squark-filter: fix path component lookupTimo Teräs2012-11-121-2/+2
| | | | | | | Do not do string literal lookup unless the path parent matches. This avoids wrong string literal lookups when the path does not exist and refers actuall to an entry which is IPv4 encoded (parent == SQDB_PARENT_IPV4).
* filterdb: check section limits for literal stringsTimo Teräs2012-11-121-1/+7
|
* authdb: fix authdb entry locationKolar Uros2012-07-161-1/+1
| | | | | Commit 5a28c352a2f6de525 forgot to update the byte used for hash offset index. Fix that.
* authdb: ipv4 is in network order; not host orderTimo Teräs2012-04-121-2/+2
|
* auth-snmp: fix a crashTimo Teräs2012-02-141-9/+14
| | | | | Can't call blob_push_formatted_username unless authentication is successfully completed.
* filter: fix lookup of urls with path componentsv0.4.1Timo Teräs2012-01-251-1/+14
|
* build: fix lua module building, and disable -WerrorTimo Teräs2012-01-251-2/+4
|
* auth-snmp: commit login only if credentials are not validTimo Teräs2012-01-101-12/+19
| | | | | | This makes sure the other session things are not reset when the squid helper cache needs revalidation. Fixes premature reset of override timestamp amongst other issues.
* auth-ip, filter: refresh configurationTimo Teräs2012-01-102-0/+2
|
* authdb: fix config file modification detectionTimo Teräs2012-01-041-2/+2
|
* lua, filter: fix 64-bit issuesv0.4Timo Teräs2011-10-072-2/+2
|
* filter: fix previous commitLuke Stuart2011-09-281-3/+2
| | | | it was hard-blocking everything incorrectly.
* filter: use different block page if category is forbiddenDuane Hughes2011-09-151-2/+4
| | | | fixes #719
* auth-snmp: fix q-bridge-mib vlan queriesv0.3Timo Teräs2011-09-051-11/+35
| | | | | | The queries use Q-BRIDGE-MIB's qVlanId which is switch specific mapping. Exception seems to be 1810G's which use the real VLAN index.
* filter: option to allow automatic anonymous loginTimo Teräs2011-09-015-2/+33
| | | | | | so no captive portal, snmp or squid authentication is required. fixes #737.
* auth-snmp: implement Q-BRIDGE-MIB FIB queriesTimo Teräs2011-07-191-26/+49
| | | | | | | | Certain switches seem to export FIB of tagged VLANs only in the Q-BRIDGE-MIB only. Detect if switch support Q-BRIDGE-MIB during information discovery, and prefer it over the older BRIDGE-MIB. Q-BRIDGE-MIB should be used anyway, since it's the only reliable way to trace MAC properly when it appears in multiple VLANs.
* filter: honor squid authenticationv0.2Timo Teräs2011-06-141-0/+5
| | | | | | Instead of having separate modes (which would likely need to be configurable on per-subnet or per-user, anyway), honour just the squid reported username.
* Revert "filter: support filter-only and track-only modes"Timo Teräs2011-06-141-61/+9
| | | | This reverts commit a1277ab45a9d2bab9ca28baf05f978bf8066d928.
* Revert "filter: rename modes to something that makes more sense"Timo Teräs2011-06-141-29/+25
| | | | This reverts commit a4180db79a80882f81bc8c880ec1e2db5ee9bf6d.
* filter: rename modes to something that makes more senseTimo Teräs2011-06-141-25/+29
| | | | | Also, make sure the categorize mode is not touching authdb datastructures as they are invalid in that mode.
* filter: support filter-only and track-only modesTimo Teräs2011-06-141-9/+61
|
* filter: return categorization and blocked/overridden statusTimo Teräs2010-11-181-3/+11
| | | | | return the analysis back to squid as urlgroup. it can be then used in squid config acl's and logging (with patch). ref #447.
* auth-snmp: option to syslog authentication requestsTimo Teräs2010-11-091-3/+51
| | | | Including some information where it fails.
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 11:46:22 +0000