extensive comments moved to user manual.
Florian Effenberger
Markus Elfring
Dean Gaudet
+ Stephen Gildea
Daniel Griscom
Felix Gröbert
Aaron Hamid
- Fix socks requests on big-endian platforms. Patch provided by Song Weijia.
- Rejected CONNECT requests are logged with log level info
(enabled by default) and the reason for the block.
+- New command line option "--pre-chroot-nslookup hostname" to
+ intialize the resolver library before chroot'ing. On some systems this
+ reduces the number of files that must be copied into the chroot tree.
+ (Patch provided by Stephen Gildea)
- Minor code clean-ups, filter and action file updates.
- (Some of them reported by Davide Alberani, Markus Elfring
- and Adam Piggott)
+ (Some of them reported by Davide Alberani, Markus Elfring,
+ Stefan Huehner and Adam Piggott)
*** Version 3.0.6 ***
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.34 2007/08/05 15:19:50 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.35 2007/08/26 14:59:49 fabiankeil Exp $
Copyright (C) 2001-2007 Privoxy Developers http://www.privoxy.org/
See LICENSE.
</subscript>
</pubdate>
-<pubdate>$Id: user-manual.sgml,v 2.34 2007/08/05 15:19:50 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.35 2007/08/26 14:59:49 fabiankeil Exp $</pubdate>
<!--
<listitem>
<para>
<emphasis>--pidfile FILE</emphasis>
-
</para>
<para>
On startup, write the process ID to <emphasis>FILE</emphasis>. Delete the
<listitem>
<para>
<emphasis>--user USER[.GROUP]</emphasis>
-
</para>
<para>
After (optionally) writing the PID file, assume the user ID of
privileges are not sufficient to do so. Unix only.
</para>
</listitem>
- <listitem>
+ <listitem>
<para>
<emphasis>--chroot</emphasis>
-
</para>
<para>
Before changing to the user ID given in the <emphasis>--user</emphasis> option,
Unix only.
</para>
</listitem>
+ <listitem>
+ <para>
+ <emphasis>--pre-chroot-nslookup hostname</emphasis>
+ </para>
+ <para>
+ Specifies a hostname to look up before doing a chroot. On some systems, initializing the
+ resolver library involves reading config files from /etc and/or loading additional shared
+ libraries from /lib. On these systems, doing a hostname lookup before the chroot reduces
+ the number of files that must be copied into the chroot tree.
+ </para>
+ <para>
+ For fastest startup speed, a good value is a hostname that is not in /etc/hosts but that
+ your local name server (listed in /etc/resolv.conf) can resolve without recursion
+ (that is, without having to ask any other name servers). The hostname doesn't need not exist,
+ but if it doesn't, an error message (which can be ignored) will be output.
+ </para>
+ </listitem>
+
<listitem>
<para>
<emphasis>configfile</emphasis>
USA
$Log: user-manual.sgml,v $
+ Revision 2.35 2007/08/26 14:59:49 fabiankeil
+ Minor rewordings and fixes.
+
Revision 2.34 2007/08/05 15:19:50 fabiankeil
- Don't claim HTTP/1.1 compliance.
- Use $ in some of the path pattern examples.
-const char jcc_rcs[] = "$Id: jcc.c,v 1.146 2007/08/20 17:09:32 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.147 2007/08/25 14:42:40 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.147 2007/08/25 14:42:40 fabiankeil
+ * Don't crash if a broken header filter wiped out the request line.
+ *
* Revision 1.146 2007/08/20 17:09:32 fabiankeil
* Fix byte_count calculation in case of flushes
* and don't parse the server headers a second time.
#endif /* defined(unix) */
"[--help] "
#if defined(unix)
- "[--no-daemon] [--pidfile pidfile] [--user user[.group]] "
+ "[--no-daemon] [--pidfile pidfile] [--pre-chroot-nslookup hostname] [--user user[.group]] "
#endif /* defined(unix) */
"[--version] [configfile]\n"
"Aborting\n", myname);
struct group *grp = NULL;
char *p;
int do_chroot = 0;
+ char *pre_chroot_nslookup_to_load_resolver = NULL;
#endif
Argc = argc;
if (p != NULL) *--p = '\0';
}
+ else if (strcmp(argv[argc_pos], "--pre-chroot-nslookup" ) == 0)
+ {
+ if (++argc_pos == argc) usage(argv[0]);
+ pre_chroot_nslookup_to_load_resolver = strdup(argv[argc_pos]);
+ }
+
else if (strcmp(argv[argc_pos], "--chroot" ) == 0)
{
do_chroot = 1;
{
log_error(LOG_LEVEL_FATAL, "Home directory for %s undefined", pw->pw_name);
}
+ /* Read the time zone file from /etc before doing chroot. */
+ tzset();
+ if (NULL != pre_chroot_nslookup_to_load_resolver
+ && '\0' != pre_chroot_nslookup_to_load_resolver[0])
+ {
+ /* Initialize resolver library. */
+ (void) resolve_hostname_to_ip(pre_chroot_nslookup_to_load_resolver);
+ }
if (chroot(pw->pw_dir) < 0)
{
log_error(LOG_LEVEL_FATAL, "Cannot chroot to %s", pw->pw_dir);