Here is a patch for correct X-Forwarded-For: headers

From: Sirko Zidlewitz <sz_at_bytecamp.net>
Date: Thu, 9 Mar 2006 20:55:23 +0100

Hi,

we thank Christian Carstensen <cpunkt_at_ccc.de> for writing
a patch solving our problem with missing X-Forwarded-For
headers for Mozilla browsers.

He said this is a dirty patch and will probably cause
problems on other platforms than FreeBSD. But it's
working for us and solved our problem completely.

Additionally he replaced pen_strncasecmp and pen_strcasestr
with their standard library equivalents, which should
perform better.

The X-Forwarded-For problem seems to be a timing problem
under heavy load.

Regards
Sirko Zidlewitz

--
/7\ bytecamp GmbH / Managing Director
Geschwister-Scholl-Str. 10, 14776 Brandenburg a.d. Havel, Germany
tel +49 3381 79637-0 werktags 10-12,13-17 Uhr, fax +49 3381 79637-20
mail sz@bytecamp.net, web http://bytecamp.net/
*** pen.c.orig	Fri Dec 30 11:10:04 2005
--- pen.c	Wed Mar  8 17:12:53 2006
***************
*** 51,56 ****
--- 51,58 ----
  #include <string.h>
  #include <pwd.h>
  
+ #include <strings.h>
+ 
  #ifdef HAVE_SSL
  #include <openssl/ssl.h>
  #include <openssl/err.h>
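Review bot: `<strings.h>` declares `strncasecmp`, but `strcasestr`, which the hunk at new lines 844-856 starts calling, is a BSD/GNU extension that is in neither ISO C nor POSIX; the glibc manual page lists it as requiring `_GNU_SOURCE`. Where no prototype is visible, a pre-C99 compiler implicitly declares the call as returning `int`, so the pointer result can be truncated before the `if` tests it. Since the hunk at old lines 245-275 deletes the portable `pen_strcasestr`, I would keep that fallback behind a configure check (the file already uses `HAVE_SSL`-style macros) instead of removing it outright. A comment on the include would also help, e.g. `/* strncasecmp(); strcasestr() is a non-standard extension */`.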
***************
*** 111,116 ****
--- 113,119 ----
  	time_t last;		/* last time this client made a connection */
  	struct in_addr addr;	/* of client */
  	int cno;		/* server used last time */
+ 	int read_in_header;
  	long connects;
  	long long csx, crx;
  } client;
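Review bot: `read_in_header` is stored in the `client` record, whose neighbouring fields (`addr`, `last`, `cno`) describe per-client-address state, yet it tracks the parse position of a single request stream. Two simultaneous connections from the same address (a browser's parallel connections, or many users behind one NAT or proxy) would appear to share the flag, so a partial header on one connection makes `rewrite_request` (new lines 824-837 and 844-856) treat unrelated data on the other as a header continuation. The flag looks like it belongs in the per-connection record indexed by `i`, reset when the connection is set up. Where `client` entries are initialised is outside this patch, so the initial value should be confirmed as well. If the field stays here it needs a comment, e.g. `int read_in_header;	/* nonzero while a request header is still incomplete */`.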
***************
*** 245,275 ****
  	return strcpy(b, p);
  }
  
- static int pen_strncasecmp(const char *p, const char *q, size_t n)
- {
- 	size_t i = 0;
- 	int c = 0;
- 
- 	while ((i < n) && !(c = toupper(*p)-toupper(*q)) && *p) {
- 		p++;
- 		q++;
- 		i++;
- 	}
- 	return c;
- }
- 
- static char *pen_strcasestr(const char *haystack, const char *needle)
- {
- 	char *p = (char *)haystack;
- 	int n = strlen(needle);
- 
- 	while (*p) {
- 		if (!pen_strncasecmp(p, needle, n)) return p;
- 		p++;
- 	}
- 	return NULL;
- }
- 
  #ifdef HAVE_SSL
  static int ssl_verify_cb(int ok, X509_STORE_CTX *ctx)
  {
--- 248,253 ----
***************
*** 823,829 ****
  
      client_ip timestamp server_ip request
  */
! static void log(FILE *fp, int i, unsigned char *b, int n)
  {
  	int j;
  	if (n > KEEP_MAX) n = KEEP_MAX;
--- 801,807 ----
  
      client_ip timestamp server_ip request
  */
! static void logmsg(FILE *fp, int i, unsigned char *b, int n)
  {
  	int j;
  	if (n > KEEP_MAX) n = KEEP_MAX;
***************
*** 846,856 ****
  
  	if (debuglevel > 1) debug("rewrite_request(%d, %d, %s)", i, n, b);
  
! 	if (pen_strncasecmp(b, "GET ", 4) &&
! 	    pen_strncasecmp(b, "POST ", 5) &&
! 	    pen_strncasecmp(b, "HEAD ", 5)) {
! 		return n;	/* You can't touch this */
  	}
  	if (debuglevel) debug("Looking for CRLFCRLF");
  	q = strstr(b, "\r\n\r\n");
  	/* Steve Hall <steveh_at_intrapower.com.au> tells me that
--- 824,837 ----
  
  	if (debuglevel > 1) debug("rewrite_request(%d, %d, %s)", i, n, b);
  
! 	if (!(strncasecmp(b, "GET ", 4) &&
! 	      strncasecmp(b, "POST ", 5) &&
! 	      strncasecmp(b, "HEAD ", 5))) {
! 		clients[conns[i].clt].read_in_header = 1;
! 	} else if (!clients[conns[i].clt].read_in_header) {
! 		return n;
  	}
+ 
  	if (debuglevel) debug("Looking for CRLFCRLF");
  	q = strstr(b, "\r\n\r\n");
  	/* Steve Hall <steveh_at_intrapower.com.au> tells me that
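Review bot: Once a GET/POST/HEAD prefix sets `read_in_header`, nothing in the visible code bounds how long it stays set; it is cleared only in the hunk at new lines 844-856, after `\r\n\r\n` has been found inside a single buffer. If the terminator is split across two reads (`...\r\n` followed by `\r\n...`), `strstr` matches in neither buffer and the flag stays set. Later body data or pipelined traffic is then scanned as header, and the first blank line inside a POST body would presumably become the insertion point for X-Forwarded-For. I would carry the last three bytes of the previous buffer into the search, and clear the flag on connection close and after a bounded number of header bytes. The dropped comment on `return n;` could be replaced with `/* not a request start and no header in progress: pass through */`; the body of `rewrite_request` starts and ends outside this hunk.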
***************
*** 863,872 ****
  #if 0	/* how is that supposed to happen? */
  	if (q >= b+n) return n;		/* outside of buffer */
  #endif
  	/* Look for existing X-Forwarded-For */
  	if (debuglevel) debug("Looking for X-Forwarded-For");
  
! 	if (pen_strcasestr(b, "\nX-Forwarded-For:")) return n;
  
  	if (debuglevel) debug("Adding X-Forwarded-For");
  	/* Didn't find one, add our own */
--- 844,856 ----
  #if 0	/* how is that supposed to happen? */
  	if (q >= b+n) return n;		/* outside of buffer */
  #endif
+ 
+ 	clients[conns[i].clt].read_in_header = 0;
+ 
  	/* Look for existing X-Forwarded-For */
  	if (debuglevel) debug("Looking for X-Forwarded-For");
  
! 	if (strcasestr(b, "\nX-Forwarded-For:")) return n;
  
  	if (debuglevel) debug("Adding X-Forwarded-For");
  	/* Didn't find one, add our own */
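Review bot: The `strcasestr(b, "\nX-Forwarded-For:")` check still searches only the current buffer `b`, although the new continuation path lets a request header span several buffers. If the client's own X-Forwarded-For line arrived in an earlier segment it is not seen here, so a second header is appended, and backends differ in which of two X-Forwarded-For values they use for logging or access decisions. Either remember per request that the header was already seen, or document the limitation next to the check, e.g. `/* only the current segment is searched; an earlier segment may already carry X-Forwarded-For */`. Clearing `read_in_header` before this early `return n` looks intended but deserves a one-line comment. The enclosing function continues outside the hunk.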
***************
*** 923,930 ****
  		if (debuglevel > 2) dump(b, rc);
  
  		if (logfp) {
! 			log(logfp, i, b, rc);
! 			if (debuglevel > 2) log(stderr, i, b, rc);
  		}
  		if (logsock != -1) {
  			netlog(logsock, i, b, rc);
--- 907,914 ----
  		if (debuglevel > 2) dump(b, rc);
  
  		if (logfp) {
! 			logmsg(logfp, i, b, rc);
! 			if (debuglevel > 2) logmsg(stderr, i, b, rc);
  		}
  		if (logsock != -1) {
  			netlog(logsock, i, b, rc);
***************
*** 1947,1952 ****
--- 1931,1937 ----
  	struct sockaddr_in cli_addr;
  	fd_set w_read, w_write, w_error;
  	int i, w_max;
+ 	
  	usr1action.sa_handler = stats;
  	sigemptyset(&usr1action.sa_mask);
  	usr1action.sa_flags = 0;
***************
*** 1967,1975 ****
  	alrmaction.sa_flags = 0;
  	signal(SIGPIPE, SIG_IGN);
  
  	loopflag = 1;
  
- 	if (debuglevel) debug("mainloop_select()");
  	while (loopflag) {
  		int n;
  
--- 1952,1961 ----
  	alrmaction.sa_flags = 0;
  	signal(SIGPIPE, SIG_IGN);
  
+ 	if (debuglevel) debug("mainloop_select()");
+ 
  	loopflag = 1;
  
  	while (loopflag) {
  		int n;
  
***************
*** 1978,1983 ****
--- 1964,1970 ----
  			else textstats();
  			do_stats=0;
  		}
+ 
  		if (do_restart_log) {
  			if (logfp) {
  				fclose(logfp);
***************
*** 1988,1997 ****
--- 1975,1987 ----
  			read_cfg(cfgfile);
  			do_restart_log=0;
  		}
+ 
  		FD_ZERO(&w_read);
  		FD_ZERO(&w_write);
  		FD_ZERO(&w_error);
+ 
  		w_max = 0;
+ 
  		/* no point accepting connections we can't handle */
  		if (debuglevel > 1) debug("last = %d, used = %d, max = %d",
  					connections_last,
Received on Thu Mar 09 2006 - 20:53:57 CET
