git ssb - Revert "clarify no space after -F (issue 108)"

Commit 067f5d76462e26cdbcb898425cc35453f21df232

Revert "clarify no space after -F (issue 108)"

This reverts commit f02ce3821c018719536971dbb1bc1ed1517530a2.

That commit accidently imported code that broke transparent
proxying.

Yves Rutschle committed on 1/8/2017, 11:54:34 AM
Parent: 718fe0e2e9f339a022d9bc13285017fdd76a32e1

Files changed

common.c	changed
common.h	changed
probe.c	changed
probe.h	changed
sslh-main.c	changed
sslh.pod	changed

common.cView
		@@ -36,8 +36,9 @@
36	36	int probing_timeout = 2;
37	37	int inetd = 0;
38	38	int foreground = 0;
39	39	int background = 0;
	40	+int transparent = 0;
40	41	int numeric = 0;
41	42	const char user_name, pid_file;
42	43
43	44	struct addrinfo addr_listen = NULL; / what addresses do we listen to? */
		@@ -235,9 +236,9 @@
235	236	CHECK_RES_RETURN(res, "getpeername");
236	237
237	238	for (a = cnx->proto->saddr; a; a = a->ai_next) {
238	239	/* When transparent, make sure both connections use the same address family */
239		- if (cnx->proto->transparent && a->ai_family != from.ai_addr->sa_family)
	240	+ if (transparent && a->ai_family != from.ai_addr->sa_family)
240	241	continue;
241	242	if (verbose)
242	243	fprintf(stderr, "connecting to %s family %d len %d\n",
243	244	sprintaddr(buf, sizeof(buf), a),
		@@ -248,9 +249,9 @@
248	249	if (fd == -1) {
249	250	log_message(LOG_ERR, "forward to %s failed:socket: %s\n",
250	251	cnx->proto->description, strerror(errno));
251	252	} else {
252		- if (cnx->proto->transparent) {
	253	+ if (transparent) {
253	254	res = bind_peer(fd, fd_from);
254	255	CHECK_RES_RETURN(res, "bind_peer");
255	256	}
256	257	res = connect(fd, a->ai_addr, a->ai_addrlen);

common.hView
		@@ -112,9 +112,10 @@
112	112
113	113	int defer_write(struct queue q, void data, int data_size);
114	114	int flush_deferred(struct queue *q);
115	115
116		-extern int probing_timeout, verbose, inetd, foreground, background, numeric;
	116	+extern int probing_timeout, verbose, inetd, foreground,
	117	+ background, transparent, numeric;
117	118	extern struct sockaddr_storage addr_ssl, addr_ssh, addr_openvpn;
118	119	extern struct addrinfo *addr_listen;
119	120	extern const char* USAGE_STRING;
120	121	extern const char* user_name, *pid_file;

probe.cView
		@@ -44,18 +44,18 @@
44	44
45	45	/* Table of protocols that have a built-in probe
46	46	*/
47	47	static struct proto builtins[] = {
48		- /* description service saddr log_level keepalive transparent probe */
49		- { "ssh", "sshd", NULL, 1, 0, 0, is_ssh_protocol},
50		- { "openvpn", NULL, NULL, 1, 0, 0, is_openvpn_protocol },
51		- { "tinc", NULL, NULL, 1, 0, 0, is_tinc_protocol },
52		- { "xmpp", NULL, NULL, 1, 0, 0, is_xmpp_protocol },
53		- { "http", NULL, NULL, 1, 0, 0, is_http_protocol },
54		- { "ssl", NULL, NULL, 1, 0, 0, is_tls_protocol },
55		- { "tls", NULL, NULL, 1, 0, 0, is_tls_protocol },
56		- { "adb", NULL, NULL, 1, 0, 0, is_adb_protocol },
57		- { "anyprot", NULL, NULL, 1, 0, 0, is_true }
	48	+ /* description service saddr log_level keepalive probe */
	49	+ { "ssh", "sshd", NULL, 1, 0, is_ssh_protocol},
	50	+ { "openvpn", NULL, NULL, 1, 0, is_openvpn_protocol },
	51	+ { "tinc", NULL, NULL, 1, 0, is_tinc_protocol },
	52	+ { "xmpp", NULL, NULL, 1, 0, is_xmpp_protocol },
	53	+ { "http", NULL, NULL, 1, 0, is_http_protocol },
	54	+ { "ssl", NULL, NULL, 1, 0, is_tls_protocol },
	55	+ { "tls", NULL, NULL, 1, 0, is_tls_protocol },
	56	+ { "adb", NULL, NULL, 1, 0, is_adb_protocol },
	57	+ { "anyprot", NULL, NULL, 1, 0, is_true }
58	58	};
59	59
60	60	static struct proto *protocols;
61	61	static char* on_timeout = "ssh";

probe.hView
		@@ -23,9 +23,8 @@
23	23	int log_level; /* 0: No logging of connection
24	24	* 1: Log incoming connection
25	25	*/
26	26	int keepalive; /* 0: No keepalive ; 1: Set Keepalive for this connection */
27		- int transparent; /* 0: opaque proxy ; 1: transparent proxy */
28	27
29	28	/* function to probe that protocol; parameters are buffer and length
30	29	* containing the data to probe, and a pointer to the protocol structure */
31	30	T_PROBE* probe;

sslh-main.cView
		@@ -38,9 +38,9 @@
38	38
39	39	const char* USAGE_STRING =
40	40	"sslh " VERSION "\n" \
41	41	"usage:\n" \
42		-"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F<file>]\n"
	42	+"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F <file>]\n"
43	43	"\t[-t <timeout>] [-P <pidfile>] -u <username> -p <add> [-p <addr> ...] \n" \
44	44	"%s\n\n" /* Dynamically built list of builtin protocols */ \
45	45	"\t[--on-timeout <addr>]\n" \
46	46	"-v: verbose\n" \
		@@ -48,9 +48,9 @@
48	48	"-f: foreground\n" \
49	49	"-n: numeric output\n" \
50	50	"-u: specify under which user to run\n" \
51	51	"--transparent: behave as a transparent proxy\n" \
52		-"-F: use configuration file (warning: no space between -F and file name!)\n" \
	52	+"-F: use configuration file\n" \
53	53	"--on-timeout: connect to specified address upon timeout (default: ssh address)\n" \
54	54	"-t: seconds to wait before connecting to --on-timeout address.\n" \
55	55	"-p: address and port to listen on.\n Can be used several times to bind to several addresses.\n" \
56	56	"--[ssh,ssl,...]: where to connect connections from corresponding protocol.\n" \
		@@ -60,16 +60,13 @@
60	60
61	61	/* Constants for options that have no one-character shorthand */
62	62	#define OPT_ONTIMEOUT 257
63	63
64		-/* Global setting for transparent proxying */
65		-int g_transparent = 0;
66		-
67	64	static struct option const_options[] = {
68	65	{ "inetd", no_argument, &inetd, 1 },
69	66	{ "foreground", no_argument, &foreground, 1 },
70	67	{ "background", no_argument, &background, 1 },
71		- { "transparent", no_argument, &g_transparent, 1 },
	68	+ { "transparent", no_argument, &transparent, 1 },
72	69	{ "numeric", no_argument, &numeric, 1 },
73	70	{ "verbose", no_argument, &verbose, 1 },
74	71	{ "user", required_argument, 0, 'u' },
75	72	{ "config", optional_argument, 0, 'F' },
		@@ -125,18 +122,16 @@
125	122	struct proto *p;
126	123
127	124	for (p = get_first_protocol(); p; p = p->next) {
128	125	fprintf(stderr,
129		- "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s%s]\n",
	126	+ "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s]\n",
130	127	p->description,
131	128	sprintaddr(buf, sizeof(buf), p->saddr),
132	129	p->service,
133	130	p->log_level,
134	131	p->saddr->ai_family,
135	132	p->saddr->ai_addr->sa_family,
136		- p->keepalive ? "keepalive " : "",
137		- p->transparent ? "transparent" : ""
138		- );
	133	+ p->keepalive ? "keepalive" : "");
139	134	}
140	135	fprintf(stderr, "listening on:\n");
141	136	for (a = addr_listen; a; a = a->ai_next) {
142	137	fprintf(stderr,
		@@ -311,9 +306,8 @@
311	306	)) {
312	307	p->description = name;
313	308	config_setting_lookup_string(prot, "service", &(p->service));
314	309	config_setting_lookup_bool(prot, "keepalive", &p->keepalive);
315		- config_setting_lookup_bool(prot, "transparent", &p->transparent);
316	310
317	311	if (config_setting_lookup_int(prot, "log_level", &p->log_level) == CONFIG_FALSE) {
318	312	p->log_level = 1;
319	313	}
		@@ -381,9 +375,9 @@
381	375	config_lookup_bool(&config, "verbose", &verbose);
382	376	config_lookup_bool(&config, "inetd", &inetd);
383	377	config_lookup_bool(&config, "foreground", &foreground);
384	378	config_lookup_bool(&config, "numeric", &numeric);
385		- config_lookup_bool(&config, "transparent", &g_transparent);
	379	+ config_lookup_bool(&config, "transparent", &transparent);
386	380
387	381	if (config_lookup_int(&config, "timeout", (int *)&timeout) == CONFIG_TRUE) {
388	382	probing_timeout = timeout;
389	383	}

sslh.podView
		@@ -5,9 +5,9 @@
5	5	sslh - protocol demultiplexer
6	6
7	7	=head1 SYNOPSIS
8	8
9		-sslh [B<-F>I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--tls> I<target address for TLS>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--xmpp> I<target address for XMPP>] [B<--tinc> I<target address for TINC>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
	9	+sslh [B<-F> I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--tls> I<target address for TLS>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--xmpp> I<target address for XMPP>] [B<--tinc> I<target address for TINC>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
10	10
11	11	=head1 DESCRIPTION
12	12
13	13	B<sslh> accepts connections on specified ports, and forwards
		@@ -77,17 +77,14 @@
77	77	=head1 OPTIONS
78	78
79	79	=over 4
80	80
81		-=item B<-F>I<filename>, B<--config> I<filename>
	81	+=item B<-F> I<filename>, B<--config> I<filename>
82	82
83	83	Uses I<filename> as configuration file. If other
84	84	command-line options are specified, they will override the
85	85	configuration file's settings.
86	86
87		-When using the shorthand version, make sure there should be
88		-no space between B<-F> and the I<filename>.
89		-
90	87	=item B<-t> I<num>, B<--timeout> I<num>
91	88
92	89	Timeout before forwarding the connection to the timeout
93	90	protocol (which should usually be SSH). Default is 2s.

Built with git-ssb-web

cel / sslh

Commit 067f5d76462e26cdbcb898425cc35453f21df232

Revert "clarify no space after -F (issue 108)"

Files changed