From 43be981b640a597a525d85add4deb23f9c164a44 Mon Sep 17 00:00:00 2001
From: Jeremy HOCDE
Date: Thu, 20 Jul 2017 20:07:11 +0100
Subject: system/c-icap: Added (ICAP server).

Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
---
 system/c-icap/README            |  21 +
 system/c-icap/c-icap.SlackBuild | 112 ++++++
 system/c-icap/c-icap.conf       | 864 ++++++++++++++++++++++++++++++++++++++++
 system/c-icap/c-icap.info       |  10 +
 system/c-icap/doinst.sh         |  26 ++
 system/c-icap/rc.c-icap         |  38 ++
 system/c-icap/slack-desc        |  19 +
 7 files changed, 1090 insertions(+)
 create mode 100644 system/c-icap/README
 create mode 100644 system/c-icap/c-icap.SlackBuild
 create mode 100644 system/c-icap/c-icap.conf
 create mode 100644 system/c-icap/c-icap.info
 create mode 100644 system/c-icap/doinst.sh
 create mode 100644 system/c-icap/rc.c-icap
 create mode 100644 system/c-icap/slack-desc

(limited to 'system/c-icap')

diff --git a/system/c-icap/README b/system/c-icap/README
new file mode 100644
index 0000000000..fd0615699f
--- /dev/null
+++ b/system/c-icap/README
@@ -0,0 +1,21 @@
+c-icap is an implementation of an ICAP server. It can be used with HTTP
+proxies that support the ICAP protocol to implement content adaptation
+and filtering services.
+
+In order to start c-icap at boot and stop it properly at shutdown,
+make sure rc.c-icap is executable and add the following lines to
+the following files:
+
+        /etc/rc.d/rc.local
+        ==================
+        # Startup c-icap
+        if [ -x /etc/rc.d/rc.c-icap ]; then
+                /etc/rc.d/rc.c-icap start
+        fi
+
+        /etc/rc.d/rc.local_shutdown
+        ===========================
+        # Stop c-icap
+        if [ -x /etc/rc.d/rc.c-icap ]; then
+                /etc/rc.d/rc.c-icap stop
+        fi
diff --git a/system/c-icap/c-icap.SlackBuild b/system/c-icap/c-icap.SlackBuild
new file mode 100644
index 0000000000..c5b0505b2c
--- /dev/null
+++ b/system/c-icap/c-icap.SlackBuild
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+# Slackware build script for c-icap
+
+# Copyright 2017 Jeremy HOCDE
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=c-icap
+SRCNAM=c_icap
+VERSION=${VERSION:-0.5.2}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i586 ;;
+    arm*) ARCH=arm ;;
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $SRCNAM-$VERSION
+tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
+cd $SRCNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+  -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --docdir=/usr/doc/$PRGNAM-$VERSION \
+  --build=$ARCH-slackware-linux
+
+make
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/var/{log,run}/c-icap
+
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.c-icap > $PKG/etc/rc.d/rc.c-icap.new
+cat $CWD/c-icap.conf > $PKG/etc/c-icap.conf.new
+rm $PKG/etc/c-icap.conf
+chmod 644 $PKG/etc/c-icap.*
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+  INSTALL README RECONF docs/ \
+  $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/c-icap/c-icap.conf b/system/c-icap/c-icap.conf
new file mode 100644
index 0000000000..392c598aa7
--- /dev/null
+++ b/system/c-icap/c-icap.conf
@@ -0,0 +1,864 @@
+#
+# This file contains the default settings for c-icap
+# 
+# 
+
+
+# TAG: PidFile
+# Format: PidFile pid_file
+# Description:
+#	The file to store the pid of the main process of the c-icap server.
+# Default:
+#	PidFile /var/run/c-icap/c-icap.pid
+PidFile /var/run/c-icap/c-icap.pid
+
+# TAG: CommandsSocket
+# Format: CommandsSocket socket_file
+# Description:
+#	The path of file to use as control socket for c-icap
+# Default:
+#	CommandsSocket /var/run/c-icap/c-icap.ctl
+CommandsSocket /var/run/c-icap/c-icap.ctl
+
+# TAG: Timeout
+# Format: Timeout seconds
+# Description:
+#	The time in seconds after which a connection without activity
+#	can be cancelled.
+# Default:
+#	Timeout 300
+Timeout 300
+
+# TAG: MaxKeepAliveRequests
+# Format: MaxKeepAliveRequests number
+# Description:
+#	The maximum number of requests can be served by one connection
+#	Set it to -1 for no limit
+# Default:
+#	MaxKeepAliveRequests 100
+MaxKeepAliveRequests 100
+
+# TAG: KeepAliveTimeout
+# Format: KeepAliveTimeout seconds
+# Description:
+#	The maximum time in seconds waiting for a new requests before a 
+#	connection will be closed.
+#	If the value is set to -1, there is no timeout.
+# Default:
+#	KeepAliveTimeout 600
+KeepAliveTimeout 600  
+
+# TAG: StartServers
+# Format: StartServers number
+# Description:
+#	The initial number of server processes. Each server process
+#	generates a number of threads, which serve the requests.
+# Default:
+#	StartServers 3
+StartServers 3
+
+# TAG: MaxServers
+# Format: MaxServers number
+# Description:
+#	The maximum allowed number of server processes.
+# Default:
+#	MaxServers 10
+MaxServers 10
+
+# TAG: MinSpareThreads
+# Format: MinSpareThreads number
+# Description:
+#	If the number of the available threads is less than number,
+#	the c-icap server starts a new child.
+# Default:
+#	MinSpareThreads     10
+MinSpareThreads     10
+
+# TAG: MaxSpareThreads
+# Format: MaxSpareThreads number
+# Description:
+#	If the number of the available threads is more than number then 
+#	the c-icap server kills a child.
+# Default:
+#	MaxSpareThreads     20
+MaxSpareThreads     20
+
+# TAG: ThreadsPerChild
+# Format:  ThreadsPerChild number
+# Description:
+#	The number of threads per child process.
+# Default:
+#	ThreadsPerChild     10
+ThreadsPerChild     10
+
+# TAG: MaxRequestsPerChild
+# Format: MaxRequestsPerChild number
+# Description:
+#	The maximum number of requests that a child process can serve.
+#	After this number has been reached, process dies. The goal of this
+#	parameter is to minimize the risk of memory leaks and increase the
+#	stability of c-icap. It can be disabled by setting its value to 0.
+# Default:
+#	MaxRequestsPerChild  0
+MaxRequestsPerChild  0
+
+# TAG: InterProcessSharedMemScheme
+# Format: InterProcessSharedMemScheme posix | mmap | sysv
+# Description:
+#	The interprocess shared mem scheme to use. Available schemes:
+#	posix Use posix shared memory (shm_open interface)
+#	mmap  Use anonymous mmaped files as shared memory
+#	sysv  use the sysv ipc shared memory
+# Default:
+#	InterProcessSharedMemScheme posix
+
+# TAG: InterProcessLockingScheme
+# Format: InterProcessSharedMemScheme file | sysv | posix
+# Description:
+#	The interprocess locking scheme to use. Available schemes:
+#       file  Use lock file
+#       sysv  Use the sysv ipc semaphores
+#	posix Use posix semaphores: Use it with caution you may experienced
+#             locking problems if one or more processes crashed.
+# Default:
+#	InterProcessLockingScheme file
+
+# TAG: Port
+# Format: Port [address:]port
+# Description:
+#	The port number that the c-icap server uses to listen to requests.
+# Default:
+#	None
+Port 1344 
+
+# TAG: TlsPort
+# Format: TlsPort [address:]port [tls-method=method] [cert=path_to_pem_cert] [key=path_to_pem_key] [client_ca=path_to_pem_file] [ciphers=ciph1:ciph2...] [tls_options=[!]Opt1|[!]Opt2|...]
+# Description:
+#       The port number that the c-icap server uses to listen for TLS/SSL
+#	requests. Options:
+#	tls-method
+#		Set the SSL method to use. Available methods are:
+#		  SSLv23 TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2
+#	cert
+#		Set the certificate to use by the icap server. The certificate
+#		should be in pem format.
+#	key
+#		The key of the configured certificate in pem format. If none
+#		set then the c-icap searches for the key inside cert file.
+#	client_ca
+#		File containing all CA that we accept client certs from. If it
+#		is set then c-icap enables client certificates verification.
+#	cafile
+#		PEM file containing CA certificates to use when verifying client
+#		certificates. If not configured the root.pem file will be used.
+#	capath
+#		Directory containing additional CA certificates to use when
+#		verifying client certificates.
+#	ciphers
+#		Collon separated lists of the ciphers to accept. Please check
+#		openSSL manual for supported ciphers.
+#	tls-options
+#		Sets various options:
+#		SSL_OP_NO_SSLv2  disable the use of SSLv2
+#		SSL_OP_NO_SSLv3  disable the use of SSLv3
+#		SSL_OP_NO_TLSv1  disable the use of TLSv1
+#		SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2
+#		SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1
+#		SSL_OP_NO_TICKET  disable the use of RFC5077 session tickets
+#		SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+#		   When performing renegotiation as a server, always start a
+#		   new session.
+#		SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+#		   Allow legacy insecure renegotiation between OpenSSL and
+#		   unpatched clients or servers.
+#		
+#		For more options please see the SSL_set_options documentation.
+#		
+#		By default the SSL_OP_ALL flag is set which enables all of the
+#		important bug workarrounds. To reset this flag use the
+#		"!SSL_OP_ALL" as first flag:
+#			tls-options=!SSL_OP_ALL:SSL_OP_NO_TICKET
+#		
+# Default:
+#       None
+
+# TAG: TlsPassphrase
+# Format: TlsPassphrase /path/to/script
+# Description:
+#	Path to the script to run to get the passphrases of TLS certificates 
+#	keys. The c-icap will pass as arguments the IP address and port number
+#	to the script.
+# Default:
+#	No value
+# Example:
+#	TlsPassphrase /use/local/c-icap/scripts/cert-passphrase.sh 
+
+# TAG: User
+# Format: User username
+# Description:
+#	The user owning c-icap's processes. By default, the owner is the
+#	user who runs the program.
+# Default:
+#	No value
+# Example:
+#	User wwwrun
+
+# TAG: Group
+# Format: Group groupname
+# Description:
+#	The group of users owning c-icap's processes, which, by default
+#	is the group of the current user.
+# Default:
+#	No value
+# Example:
+#	Group nogroup
+
+# TAG: ServerAdmin
+# Format: ServerAdmin admin_mail
+# Description:
+#	The Administrator of this server. Used when displaying information
+#	about this server (logs, info service, etc)
+# Default:
+#	No value
+ServerAdmin admin@localhost
+
+# TAG: ServerName
+# Format: ServerName aServerName
+# Description:
+#	A name for this server. Used when displaying information about this
+#	server (logs, info service, etc)
+# Default:
+#	No value
+ServerName localhost
+
+# TAG: TmpDir
+# Format: TmpDir dir
+# Description:
+#	dir is the location of temporary files.
+# Default:
+#	TmpDir /var/tmp
+TmpDir /var/tmp
+
+# TAG: MaxMemObject
+# Format: MaxMemObject bytes
+# Description:
+#	The maximum memory size in bytes taken by an object which
+#	is processed by c-icap . If the size of an object's body is
+#	larger than the maximum size a temporary file is used.
+# Default:
+#	MaxMemObject 131072
+MaxMemObject 131072
+
+# TAG: DebugLevel
+# Format: DebugLevel level
+# Description:
+#	The level of debugging information to be logged.
+#	The acceptable range of levels is between 0 and 10.
+# Default:
+#	DebugLevel 1
+DebugLevel 1
+
+# TAG: Pipelining
+# Format: Pipelining on|off
+# Description:
+#	Enable or disable ICAP requests pipelining
+# Default:
+#	Pipelining on
+Pipelining on
+
+# TAG: SupportBuggyClients
+# FORMAT: SupportBuggyClients on|off
+# Description:
+#	Try to handle requests from buggy clients, for example ICAP requests
+#	missing "\r\n" sequences
+# Default:
+# SupportBuggyClients off
+SupportBuggyClients off
+
+# TAG: Allow204As200okZeroEncaps
+# Format: Allow204As200okZeroEncaps
+# Description:
+#	When used the c-icap instead of allow 204 return "200 OK" responses
+#	with zero encapsulated entities.
+# Default:
+#	No set
+
+# TAG: FakeAllow204
+# Format: FakeAllow204 on|off
+# Description:
+#	Support 204 responses from services preview handler to the clients
+#	which does not support preview. Requires early responses support
+#	from clients.
+#	If disabled the c-icap will return 500 response in these cases
+# Default:
+# FakeAllow204 on
+
+# TAG: ModulesDir
+# Format: ModulesDir dir
+# Description:
+#	The location of modules
+# Default:
+#	ModulesDir /usr/lib64/c_icap
+ModulesDir /usr/lib64/c_icap
+
+# TAG: ServicesDir
+# Format: ServicesDir dir
+# Description:
+#	The location of services
+# Default:
+#	ServicesDir /usr/lib64/c_icap
+ServicesDir /usr/lib64/c_icap
+
+# TAG: TemplateDir
+# Format: TemplateDir dir
+# Description:
+#	The location of the text templates used by c-icap and its services,
+#	categorized by language and services/modules
+# Default:
+#	No value
+# Example:
+TemplateDir /usr/share/c_icap/templates/
+
+# TAG: TemplateDefaultLanguage
+# Format: TemplateDefaultLanguage lang
+# Description:
+#	Sets the default language to use for text templates
+# Default:
+#	TemplateDefaultLanguage en
+TemplateDefaultLanguage en
+
+#TemplateReloadTime 360
+#TemplateCacheSize 20
+#TemplateMemBufSize 8192
+
+# TAG: LoadMagicFile
+# Format: LoadMagicFile path
+# Description:
+#	Load a c-icap magic file. A magic file contains various 
+#	data type definitions. Look inside default c-icap.magic file
+#	for more informations.
+#	It can be used more than once to use multiple magic files.
+# Default:
+#	LoadMagicFile /etc/c-icap.magic
+LoadMagicFile /etc/c-icap.magic
+
+# TAG: RemoteProxyUsers
+# Format: RemoteProxyUsers onoff
+# Description:
+#	Set it to on if you want to use username provided by the proxy server.
+#	This is the recomended way to use users in c-icap.
+#	If the RemoteProxyUsers is off and c-icap configured to use users or
+#	groups the internal authentication mechanism will be used.
+# Default:
+#	RemoteProxyUsers off
+RemoteProxyUsers off
+
+# TAG: RemoteProxyUserHeader
+# Format: RemoteProxyUserHeader Header
+# Description:
+#	Used to specify the icap header used by the proxy server to send
+#	the authenticated client username to c-icap server 
+# Default:
+#	RemoteProxyUserHeader X-Authenticated-User
+RemoteProxyUserHeader X-Authenticated-User
+
+# TAG: RemoteProxyUserHeaderEncoded
+# Format: RemoteProxyUserHeaderEncoded onoff
+# Description:
+#	Set it to off if the RemoteProxyUserHeader is not base64 encoded
+# Default:
+#	RemoteProxyUserHeaderEncoded on
+RemoteProxyUserHeaderEncoded on
+
+# TAG: AuthMethod
+# Format: AuthMethod Method Authenticator
+# Description:
+#	Used to define the internal authentication mechanism to use. This
+#	feature is not well tested and may cause problems. It is better to use
+#	RemoteProxyUser configuration.
+#	Method is the authentication method to use (basic, digest, etc).
+#	Currently only basic authentication method is implemented as build in
+#	module
+#	Authenticator currently can only be "basic_simple_db"
+#	It can be considered as a user/password store and can be
+#	implemented as external module. The basic_simple_db is implemented as
+#	build it module
+# Default:
+#	No set
+# Example:
+#	AuthMethod basic basic_simple_db
+
+# TAG: basic.Realm
+# Format: basic.Realm ARealm
+# Description:
+#	Specify the basic method realm
+# Default:
+#	basic.Realm "Basic authentication"
+# Example:
+#	basic.Realm "c-icap server authentication"
+
+# TAG: basic_simple_db.UsersDB
+# Format: basic_simple_db.UsersDB LookupTable
+# Description:
+#	Specify the lookup table where the usernames/passwords pairs 
+#	are stored. The paswords must be unencrypted
+#	For more information about c-icap lookup tables read c-icap server
+#	manual page
+# Default:
+#	No value
+# Example:
+#	basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt
+
+# TAG: GroupSourceByGroup
+# Format: GroupSourceByGroup LookupTable
+# Description:
+#	Defines a lookup table where the groups of users are stored indexed
+#	by group. It can be used more than once.
+#	For more information about c-icap lookup tables read c-icap server
+#	manual page
+# Default:
+#	No set
+# Example:
+#	GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt
+
+# TAG: GroupSourceByUser
+# Format: GroupSourceByUser LookupTable
+# Description:
+#	Defines a lookup table where the groups of users are stored indexed 
+#	by user. It can be used more than once.
+#	For more information about c-icap lookup tables read c-icap server
+#	manual page
+# Default:
+#	No set
+# Example:
+#	GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt
+
+# TAG: acl
+# Format: acl name type[{param}] value1 [value2] [...]
+# Description:
+#	Supported acl types are:
+#		acl aclname service service1 ...
+#		     The servicename
+#		acl aclname type OPTIONS|RESPMOD|REQMOD ...
+#		     The icap method
+#		acl aclname port port1 ...
+#		     The icap server port
+#		acl aclname src ip1/netmask1 ...
+#		     The client ip address
+#		acl aclname srvip ip1/netmask1 ...
+#		     The c-icap server ip address
+#		acl aclname icap_header{HeaderName} value1 ...
+#		     Matches the icap header HeaderName with value1 ...
+#		     The values are in regex form: /avalue/flags
+#		acl aclname icap_resp_header{HeaderName} value1 ...
+#		     The icap response header
+#		     The values are in regex form: /avalue/flags
+#		acl aclname http_req_header{HeaderName} value1 ...
+#		     The http request header
+#		     The values are in regex form: /avalue/flags
+#		acl aclname http_resp_header{HeaderName} value1 ...
+#		     The http response header
+#		     The values are in regex form: /avalue/flags
+#		acl aclname data_type type1 ...
+#		     The data type as recognized by the internal data type
+#		     recognizer. The types are defined in c-icap.magic file
+#		acl aclname auth username|* ...
+#		     The authenticated users. Using * instead of username means
+#		     all users.
+#		acl aclname group group1 ...
+#		     if the user of request belongs to given groups
+#		acl content_length{>|<|=} value1 ...
+#		     The content length of body data if the related information
+#		     included in http headers.
+#		     The parameter can take the value <, > or = to specify that
+#		     the acl will match if content length is less, greater or
+#		     equal to acl values.
+#		acl time value1 ....
+#		     It checks agains current time. The values format is:
+#		     [DAY[,DAY,[..]]][/][HH:MM-HH:MM]
+#		     The DAY can be one of the following:
+#			S - Sunday
+#			M - Monday
+#			T - Tuesday
+#			W - Wednesday
+#			H - Thursday
+#			F - Friday
+#			A - Saturday
+#		acl http_client_ip ip1[/netmask1] ...
+#		     The HTTP client ip address, if it is available.
+#		acl http_req_line value1 ...
+#		     The first line of HTTP request
+#		     The values are in regex form: /avalue/flags
+#		acl http_resp_line value1 ...
+#		     The first line of HTTP response
+#		     The values are in regex form: /avalue/flags
+#		acl http_req_url value1 ...
+#		     The HTTP request url without GET request arguments
+#		     The values are in regex form: /avalue/flags
+#		acl http_req_method value1 ...
+#		     The HTTP request method
+
+# Default:
+#	None set
+# Examples:
+#	acl OPTIONS type OPTIONS
+#	acl RESPMOD type RESPMOD
+#	acl REQMOD  type REQMOD
+#	acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
+#	acl XHEAD icap_header{X-Test}  /value/
+#	acl ECHO service echo
+#	acl localnet src 192.168.1.0/255.255.255.0
+#	acl localhost src 127.0.0.1/255.255.255.255
+#	acl all src 0.0.0.0/0.0.0.0
+#	acl BigObjects content_length{>} 5000000
+#	acl WorkingHours time M,T,W,H,F/8:00-18:00
+#	acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59
+
+# TAG: icap_access
+# Format: icap_access allow|deny [!]acl1 ...
+# Description:
+#	Allowing or denying ICAP access based on defined access lists
+# Default:
+#	None set
+# Example:
+#	icap_access deny XHEAD
+#	#Allow OPTIONS method for all:
+#	icap_access allow localnet OPTIONS
+#	#Require authentication for all users from local network:
+#	icap_access allow AUTH localnet
+#	icap_access deny all
+
+# TAG: client_access
+# Format: client_access allow|deny acl1 [acl2] [...]
+# Description:
+#	Allowing or denying connections on c-icap based on
+#	defined access lists. Only the acl types src, srvip and port
+#	can be used.
+# Default:
+#	None set
+# Example:
+#	client_access allow all
+
+# TAG: LogFormat 
+# Format: LogFormat Name Format
+# Description:
+#	Name is a name for this log format.
+#	Format is a string with embedded % format codes. % format codes 
+#	has the following form:
+#	    % [-] [width] [{argument}] formatcode
+#	    if - is specified then the output is left aligned
+#	    if width specified then the field is exactly width size
+#	    some formatcodes support arguments given as {argument}
+#	
+#	Format codes:
+#	       %a:  Remote IP-Address
+#	       %la: Local IP Address
+#	       %lp: Local port
+#	       %>a: Http Client IP Address. Only supported if the proxy 
+#	       	    client supports the "X-Client-IP" header
+#	       %<A: Http Server IP Address. Only supported if the proxy
+#	       	    client supports the "X-Server-IP" header
+#	       %ts: Seconds since epoch
+#	       %tl: Local time. Supports optional strftime format argument
+#	       %tg: GMT time. Supports optional strftime format argument
+#	       %>ho: Modified Http request header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %huo: Modified Http request url
+#	       %<ho: Modified Http reply header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %iu: Icap request url
+#	       %im: Icap method
+#	       %is: Icap status code
+#	       %>ih: Icap request header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %<ih: Icap response header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %Ih: Http bytes received
+#	       %Oh: Http bytes sent
+#	       %Ib: Http body bytes received
+#	       %Ob: Http body bytes sent
+#	       %I: Bytes received
+#	       %O: Bytes sent
+#	       %bph: The first 5 bytes of the body preview data. Non 
+#	       	     printable characters printed in hex form.
+#	       	     Supports the number of bytes to output as argument.
+#	       %un: Username
+#	       %Sl: Service log string
+#              %Sa: Attribute value set by service. The attribute name must 
+#                   given as argument.
+# Default:
+#	None set
+# Example:
+#	LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph" 
+
+# TAG: ServerLog
+# Format: ServerLog LogFile
+# Description:
+#	the file used by the build-in logger file_logger to 
+#	store debugging information, errors and other
+#	information about the c-icap server.
+# Default:
+#	ServerLog /usr/var/log/server.log
+ServerLog /var/log/c-icap/server.log
+
+# TAG: AccessLog
+# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
+# Description:
+#	LogFile is a file where to log access information.
+#	LogFormat is the log format to use. If ommited c-icap uses:
+#	 	"%tl, %la %a %im %iu %is"
+#	Also acls can be used to select certain requests to be logged.
+#	This directive can be used more than once to specify more than
+#	one access log files
+# Default:
+#	AccessLog /usr/var/log/access.log
+# Example:
+#	AccessLog /usr/var/log/access.log MyFormat all
+AccessLog /var/log/c-icap/access.log
+
+# TAG: Logger
+# Format: Logger LoggerName
+# Description:
+#	Specify wich logger to use. By default uses the build in "file_logger" which
+#	uses files for access and server logging.
+# Default:
+#	Logger file_logger
+# Example:
+#	Logger sys_logger
+
+# TAG: Module
+# Format: Module Type ModuleFile [forceUnload=off]
+# Description:
+#	Load an external module/plugin to c-icap.
+#	ModuleFile is the filename of the module. If no full path given then
+#	the c-icap uses the path defined by the ModulesDir configuration
+#	parameter.
+#	Type is the type of the external module and can be one of the following:
+#		"logger" for modules implement a logger
+#		"common" for general purpose modules
+#	forceUnload=off
+#		Forces c-icap to not unload services/modules loaded as external
+#		dynamic libraries on shutdown or reconfigure.
+#		This option may required when the services/modules are using
+#		c++, or they are linked with c++ libraries.
+# Default:
+#	
+# Example:
+#	Module logger sys_logger.so
+
+# TAG: Service
+# Format: Service aName ServiceFile [forceUnload=off]
+# Description:
+#	It loads the service ServiceFile. The argument aName used 
+#	as alias name for the service
+#	forceUnload=off
+#		Forces c-icap to not unload services/modules loaded as external
+#		dynamic libraries on shutdown or reconfigure.
+#		This option may required when the services/modules are using
+#		c++, or they are linked with c++ libraries.
+
+# Default:
+#	
+# Example:
+#	Service echo_service srv_echo.so
+
+
+# TAG: ServiceAlias
+# Format: ServiceAlias AliasName ServiceName[?param1=value1&param2=value2...]
+# Description:
+#	Used to define an alias name for a service.
+# Default:
+#	
+# Example:
+#	ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
+
+
+
+#
+# TAG: General configuration parameters for all services
+# Description:
+#	PreviewSize: The preview data size to advertise to the icap client
+#	MaxConnections: The client should not use more than MaxConnections
+#		for this service.
+#	TransferPreview: The list of file extensions, seperated by commas,
+#		for which the client should send preview data.
+#	TransferIgnore: The list of file extensions that should not be sent
+#		to the icap server
+#	TransferComplete: The list of file extensions that should be sent
+#		in their entirety, without preview, to the icap server
+#	OptionsTTL: The options ttl for the service. The "sec[s]", "min" or 
+#		"hour[s]" can be used to secify that the time is in seconds
+#		minutes or hours respectively. If no time-units given
+#		seconds are assumed.
+#	Allow206 on|off: Enable/disable advertise of 206 responses.
+#
+# Example:
+#	echo.PreviewSize 512
+#	echo.TransferIgnore gif, jpeg
+#	echo.OptionsTTL 3 min
+
+
+######################################################
+# External modules comming with core c-icap server
+#
+# Module: echo
+# Description:
+#	Simple test service
+# Example:
+#	Service echo srv_echo.so
+Service echo srv_echo.so
+
+# Module: sys_logger
+# Description:
+#	Add support for logging access and server events to syslog server
+#	Use "Module" configuration parameter to load this module and "Logger"
+#	to make it default logger for the c-icap.
+# Example:
+#	Module logger sys_logger.so
+#	Logger sys_logger
+
+
+# TAG: sys_logger.Prefix
+# Format: sys_logger.Prefix string
+# Description:
+#	 string is be presented in every syslog message.
+# Default:
+#	sys_logger.Prefix "C-ICAP:"
+
+# TAG: sys_logger.Facility
+# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
+# Description:
+#	specifies the facility type of syslog. 
+# Default:
+#	sys_logger.Facility daemon
+
+# TAG: sys_logger.access_priority
+# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+#	determines  the  importance  of the access log message
+# Default:
+#	sys_logger.access_priority info
+
+# TAG: sys_logger.server_priority
+# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+#	determines  the  importance  of the server log message
+# Default:
+#	sys_logger.server_priority crit
+
+# TAG: sys_logger.LogFormat
+# Format: sys_logger.LogFormat LOGFORMAT
+# Description:
+#	The log format to use. If no log format defined then 
+#	the following will be used:
+#	    "%la %a %im %iu %is"
+# Default:
+#	None set 
+# Example:
+#	Logformat BasicFormat "%la %a %im %iu %is"
+#	sys_logger.LogFormat BasicFormat
+
+# TAG: sys_logger.access
+# Format: sys_logger.access [!]acl1 ...
+# Description:
+#	Allow selecting ICAP requests to be logged using acls.
+#	By default all requests will be logged.
+# Default:
+#	None set
+# Example:
+#	sys_logger.access all
+
+# End module: sys_logger
+
+# Module: bdb_tables
+# Description:
+#	Add support for Berkeley DB based lookup tables. The format for 
+#	bdb path of the lookup table is:
+#		bdb:/path/to/bdb[{param1=val, ...}]
+#	bdb table parameters can be one or more of the followings:
+#	    cache-size=Size[K|M]
+#               The cache size to use. Default is the berkeleyDB default value.
+#	    cache-num=num
+#	        The number of caches to create. The cache will be split across
+#	        num separate regions, where the region size is equal to the
+#	        initial cache size divided by ncache.
+#	Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
+# Example:
+#	Module common bdb_tables.so
+
+# End module: bdb_tables
+
+# Module: dnsbl_tables
+# Description:
+#	Add support for dns lookup tables. Can be used to access
+#	dns block lists. The dnsbl lookup table path definition is:
+#	    dnsbl:domainname[{param1=val, ...}]
+#       dnsbl table parameters can be one or more of the followings:
+#            cache=no|cache_type
+#               The cache type to use or 'no' for no cache.
+#            cache-size=Size[K|M]
+#               The cache size in RAM
+#            cache-ttl=ttl
+#               The cache ttl to use
+#	
+#	For example the lookup table  for accessing the black.uribl.com
+#	dns black list is: 
+#	    dnsbl:black.uribl.com
+# Example:
+#	Module common dnsbl_tables.so
+
+# End module: dnsbl_tables
+
+# Module: ldap_module
+# Description:
+#	Add LDAP support to c-icap. The user can use LDAP based lookup tables
+#	using the following lookup table paths:
+#	      ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}]
+#	      ldaps://...
+#	      ldapi://...
+#	The filter can contain the "%s" formating code which will be replaced by
+#	the search key.
+#	ldap table parameters can be one or more of the followings:
+#	     name=aName
+#		A unique name to use for this table
+#	     cache=no|cache_type
+#		The cache type to use or no for no cache.
+#	     cache-size=Size[K|M]
+#		The cache size in RAM
+#	     cache-ttl=ttl
+#		The cache ttl to use
+#	     cache-item-size=ItemSize[K|M]
+#		The maximum item size
+#	
+#	Examples of supported ldap urls:
+#	     ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s{cache=memcached}
+#	     ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
+#	
+#	WARNING: is not enough tested it may contain bugs!
+# Example:
+#	Module common ldap_module.so
+
+# End module: ldap_module
+
+# Module: memcached
+# Description:
+#       Add support for memcached c-icap cache.
+# Example:
+#       Module common memcached.so
+
+# TAG: memcached.servers
+# Format: memcached.servers hostname1 hostname2 ...
+# Description:
+#	Set the memcached servers to use
+# Default:
+#	memcached.servers 127.0.0.1
+
+# TAG: memcached.use_md5_keys
+# Format: memcached.use_md5_keys on|off
+# Description:
+#	Whether to use or not md5 hash as key when the key exceeds the
+#	MEMCACHED_MAX_KEY (normaly 251 bytes)
+# Default:
+#	memcached.use_md5_keys on
+
+# End module: memcached
diff --git a/system/c-icap/c-icap.info b/system/c-icap/c-icap.info
new file mode 100644
index 0000000000..5aa44e0115
--- /dev/null
+++ b/system/c-icap/c-icap.info
@@ -0,0 +1,10 @@
+PRGNAM="c-icap"
+VERSION="0.5.2"
+HOMEPAGE="http://c-icap.sourceforge.net/"
+DOWNLOAD="https://downloads.sourceforge.net/project/c-icap/c-icap/0.5.x/c_icap-0.5.2.tar.gz"
+MD5SUM="c0ad392336eb401d1630174cc67c0f71"
+DOWNLOAD_x86_64="https://downloads.sourceforge.net/project/c-icap/c-icap/0.5.x/c_icap-0.5.2.tar.gz"
+MD5SUM_x86_64="c0ad392336eb401d1630174cc67c0f71"
+REQUIRES=""
+MAINTAINER="Jeremy HOCDE"
+EMAIL="jeremyhocde@gmail.com"
diff --git a/system/c-icap/doinst.sh b/system/c-icap/doinst.sh
new file mode 100644
index 0000000000..b0a57882fe
--- /dev/null
+++ b/system/c-icap/doinst.sh
@@ -0,0 +1,26 @@
+config() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+    # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  if [ -e $OLD ]; then
+    cp -a $OLD ${NEW}.incoming
+    cat $NEW > ${NEW}.incoming
+    mv ${NEW}.incoming $NEW
+  fi
+  config $NEW
+}
+
+preserve_perms etc/rc.d/rc.c-icap.new
+config etc/c-icap.conf.new
diff --git a/system/c-icap/rc.c-icap b/system/c-icap/rc.c-icap
new file mode 100644
index 0000000000..6dc06609ba
--- /dev/null
+++ b/system/c-icap/rc.c-icap
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Start/stop/restart c-icap.
+
+# Start c-icap:
+icap_start() {
+  CMDLINE="/usr/bin/c-icap"
+  echo -n "Starting c-icap daemon:  $CMDLINE"
+  $CMDLINE -f /etc/c-icap.conf
+  echo
+}
+
+# Stop c-icap:
+icap_stop() {
+  echo -n "Stopping c-icap daemon..."
+  for i in $(pgrep -f c-icap); do kill -15 $i; done
+  echo
+}
+
+# Restart c-icap:
+icap_restart() {
+  icap_stop
+  sleep 1
+  icap_start
+}
+
+case "$1" in
+'start')
+  icap_start
+  ;;
+'stop')
+  icap_stop
+  ;;
+'restart')
+  icap_restart
+  ;;
+*)
+  echo "usage $0 start|stop|restart"
+esac
diff --git a/system/c-icap/slack-desc b/system/c-icap/slack-desc
new file mode 100644
index 0000000000..97ccddccf6
--- /dev/null
+++ b/system/c-icap/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+      |-----handy-ruler------------------------------------------------------|
+c-icap: c-icap (ICAP server)
+c-icap:
+c-icap: c-icap is an implementation of an ICAP server. It can be used with
+c-icap: HTTP proxies that support the ICAP protocol to implement content
+c-icap: adaptation and filtering services.
+c-icap:
+c-icap: http://c-icap.sourceforge.net/
+c-icap:
+c-icap:
+c-icap:
+c-icap:
-- 
cgit v1.2.3