Warn about http-relay usage

http-relay should be avoided due to CVE-2009-0801. It was implemented to
support ancient HTTP/1.0 clients that did not set `Host` header, so
upstream proxy had at least some way to determine request destination.

In modern post-SPDY world this method should not be used, you should
rather configure upstream proxy to accept CONNECT requests to any port
and use `http-connect` instead.

Great CVE-2009-0801 description can be found in squid-users on 2015-12-18
http://lists.squid-cache.org/pipermail/squid-users/2015-December/008392.html

http-relay.c

@@ -119,6 +119,11 @@ static void httpr_client_fini(redsocks_client *client)
 	httpr_buffer_fini(&httpr->relay_buffer);
 }
 
+static void httpr_instance_init(redsocks_instance *instance)
+{
+	log_error(LOG_WARNING, "You should avoid `http-relay`, e.g. due to CVE-2009-0801");
+}
+
 static void httpr_instance_fini(redsocks_instance *instance)
 {
 	http_auth *auth = (void*)(instance + 1);
@@ -574,6 +579,7 @@ relay_subsys http_relay_subsys =
 	.connect_relay        = httpr_connect_relay,
 	.readcb               = httpr_relay_read_cb,
 	.writecb              = httpr_relay_write_cb,
+	.instance_init        = httpr_instance_init,
 	.instance_fini        = httpr_instance_fini,
 };
 

redsocks.c

@@ -1308,6 +1308,9 @@ static int redsocks_init_instance(redsocks_instance *instance)
 		goto fail;
 	}
 
+	if (instance->relay_ss->instance_init)
+		instance->relay_ss->instance_init(instance);
+
 	return 0;
 
 fail:

redsocks.h

@@ -19,6 +19,7 @@ typedef struct relay_subsys_t {
 	evbuffercb writecb;
 	void       (*init)(struct redsocks_client_t *client);
 	void       (*fini)(struct redsocks_client_t *client);
+	void       (*instance_init)(struct redsocks_instance_t *instance);
 	void       (*instance_fini)(struct redsocks_instance_t *instance);
 	// connect_relay (if any) is called instead of redsocks_connect_relay after client connection acceptance
 	void       (*connect_relay)(struct redsocks_client_t *client);