Commit 067f5d76462e26cdbcb898425cc35453f21df232
Revert "clarify no space after -F (issue 108)"
This reverts commit f02ce3821c018719536971dbb1bc1ed1517530a2. That commit accidentally imported code that broke transparent proxying. Yves Rutschle committed on 1/8/2017, 11:54:34 AM
Parent: 718fe0e2e9f339a022d9bc13285017fdd76a32e1
Files changed
common.c | changed |
common.h | changed |
probe.c | changed |
probe.h | changed |
sslh-main.c | changed |
sslh.pod | changed |
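--- a/common.c
+++ b/common.c
@@ -36,8 +36,9 @@
 int probing_timeout = 2;
 int inetd = 0;
 int foreground = 0;
 int background = 0;
+int transparent = 0;
 int numeric = 0;
 const char *user_name, *pid_file;
 
 struct addrinfo *addr_listen = NULL; /* what addresses do we listen to? */
@@ -235,9 +236,9 @@
 CHECK_RES_RETURN(res, "getpeername");
 
 for (a = cnx->proto->saddr; a; a = a->ai_next) {
 /* When transparent, make sure both connections use the same address family */
-if (cnx->proto->transparent && a->ai_family != from.ai_addr->sa_family)
+if (transparent && a->ai_family != from.ai_addr->sa_family)
 continue;
 if (verbose)
 fprintf(stderr, "connecting to %s family %d len %d\n",
 sprintaddr(buf, sizeof(buf), a),
@@ -248,9 +249,9 @@
 if (fd == -1) {
 log_message(LOG_ERR, "forward to %s failed:socket: %s\n",
 cnx->proto->description, strerror(errno));
 } else {
-if (cnx->proto->transparent) {
+if (transparent) {
 res = bind_peer(fd, fd_from);
 CHECK_RES_RETURN(res, "bind_peer");
 }
 res = connect(fd, a->ai_addr, a->ai_addrlen);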
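Review bot: In the third hunk, when `bind_peer()` fails the `CHECK_RES_RETURN(res, "bind_peer");` line presumably returns from the function (the macro body is not visible here), and the socket just created in `fd` is never closed, so a transparent-mode bind failure (for example a missing privilege for whatever bind_peer sets on the socket) would leak one descriptor per forwarded connection until the process hits its fd limit. Close it on the error path first, e.g. `if (res == -1) close(fd);` immediately before the `CHECK_RES_RETURN` line, assuming bind_peer follows the -1-on-error convention the macro appears to test. Since `transparent` is now a process-wide flag rather than a per-protocol field, a short comment on the global definition in the first hunk, such as `/* --transparent: bind outgoing sockets to the client's address for every protocol */`, would make that scope explicit. The enclosing forwarding function begins before the second hunk and continues past the third.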
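--- a/common.h
+++ b/common.h
@@ -112,9 +112,10 @@
 
 int defer_write(struct queue *q, void* data, int data_size);
 int flush_deferred(struct queue *q);
 
-extern int probing_timeout, verbose, inetd, foreground, background, numeric;
+extern int probing_timeout, verbose, inetd, foreground,
+background, transparent, numeric;
 extern struct sockaddr_storage addr_ssl, addr_ssh, addr_openvpn;
 extern struct addrinfo *addr_listen;
 extern const char* USAGE_STRING;
 extern const char* user_name, *pid_file;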
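--- a/probe.c
+++ b/probe.c
@@ -44,18 +44,18 @@
 
 /* Table of protocols that have a built-in probe
 */
 static struct proto builtins[] = {
-/* description service saddr log_level keepalive transparent probe */
-{ "ssh", "sshd", NULL, 1, 0, 0, is_ssh_protocol},
-{ "openvpn", NULL, NULL, 1, 0, 0, is_openvpn_protocol },
-{ "tinc", NULL, NULL, 1, 0, 0, is_tinc_protocol },
-{ "xmpp", NULL, NULL, 1, 0, 0, is_xmpp_protocol },
-{ "http", NULL, NULL, 1, 0, 0, is_http_protocol },
-{ "ssl", NULL, NULL, 1, 0, 0, is_tls_protocol },
-{ "tls", NULL, NULL, 1, 0, 0, is_tls_protocol },
-{ "adb", NULL, NULL, 1, 0, 0, is_adb_protocol },
-{ "anyprot", NULL, NULL, 1, 0, 0, is_true }
+/* description service saddr log_level keepalive probe */
+{ "ssh", "sshd", NULL, 1, 0, is_ssh_protocol},
+{ "openvpn", NULL, NULL, 1, 0, is_openvpn_protocol },
+{ "tinc", NULL, NULL, 1, 0, is_tinc_protocol },
+{ "xmpp", NULL, NULL, 1, 0, is_xmpp_protocol },
+{ "http", NULL, NULL, 1, 0, is_http_protocol },
+{ "ssl", NULL, NULL, 1, 0, is_tls_protocol },
+{ "tls", NULL, NULL, 1, 0, is_tls_protocol },
+{ "adb", NULL, NULL, 1, 0, is_adb_protocol },
+{ "anyprot", NULL, NULL, 1, 0, is_true }
 };
 
 static struct proto *protocols;
 static char* on_timeout = "ssh";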
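--- a/probe.h
+++ b/probe.h
@@ -23,9 +23,8 @@
 int log_level; /* 0: No logging of connection
 * 1: Log incoming connection
 */
 int keepalive; /* 0: No keepalive ; 1: Set Keepalive for this connection */
-int transparent; /* 0: opaque proxy ; 1: transparent proxy */
 
 /* function to probe that protocol; parameters are buffer and length
 * containing the data to probe, and a pointer to the protocol structure */
 T_PROBE* probe;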
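--- a/sslh-main.c
+++ b/sslh-main.c
@@ -38,9 +38,9 @@
 
 const char* USAGE_STRING =
 "sslh " VERSION "\n" \
 "usage:\n" \
-"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F<file>]\n"
+"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F <file>]\n"
 "\t[-t <timeout>] [-P <pidfile>] -u <username> -p <add> [-p <addr> ...] \n" \
 "%s\n\n" /* Dynamically built list of builtin protocols */ \
 "\t[--on-timeout <addr>]\n" \
 "-v: verbose\n" \
@@ -48,9 +48,9 @@
 "-f: foreground\n" \
 "-n: numeric output\n" \
 "-u: specify under which user to run\n" \
 "--transparent: behave as a transparent proxy\n" \
-"-F: use configuration file (warning: no space between -F and file name!)\n" \
+"-F: use configuration file\n" \
 "--on-timeout: connect to specified address upon timeout (default: ssh address)\n" \
 "-t: seconds to wait before connecting to --on-timeout address.\n" \
 "-p: address and port to listen on.\n Can be used several times to bind to several addresses.\n" \
 "--[ssh,ssl,...]: where to connect connections from corresponding protocol.\n" \
@@ -60,16 +60,13 @@
 
 /* Constants for options that have no one-character shorthand */
 
 
-/* Global setting for transparent proxying */
-int g_transparent = 0;
-
 static struct option const_options[] = {
 { "inetd", no_argument, &inetd, 1 },
 { "foreground", no_argument, &foreground, 1 },
 { "background", no_argument, &background, 1 },
-{ "transparent", no_argument, &g_transparent, 1 },
+{ "transparent", no_argument, &transparent, 1 },
 { "numeric", no_argument, &numeric, 1 },
 { "verbose", no_argument, &verbose, 1 },
 { "user", required_argument, 0, 'u' },
 { "config", optional_argument, 0, 'F' },
@@ -125,18 +122,16 @@
 struct proto *p;
 
 for (p = get_first_protocol(); p; p = p->next) {
 fprintf(stderr,
-"%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s%s]\n",
+"%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s]\n",
 p->description,
 sprintaddr(buf, sizeof(buf), p->saddr),
 p->service,
 p->log_level,
 p->saddr->ai_family,
 p->saddr->ai_addr->sa_family,
-p->keepalive ? "keepalive " : "",
-p->transparent ? "transparent" : ""
-);
+p->keepalive ? "keepalive" : "");
 }
 fprintf(stderr, "listening on:\n");
 for (a = addr_listen; a; a = a->ai_next) {
 fprintf(stderr,
@@ -311,9 +306,8 @@
 )) {
 p->description = name;
 config_setting_lookup_string(prot, "service", &(p->service));
 config_setting_lookup_bool(prot, "keepalive", &p->keepalive);
-config_setting_lookup_bool(prot, "transparent", &p->transparent);
 
 if (config_setting_lookup_int(prot, "log_level", &p->log_level) == CONFIG_FALSE) {
 p->log_level = 1;
 }
@@ -381,9 +375,9 @@
 config_lookup_bool(&config, "verbose", &verbose);
 config_lookup_bool(&config, "inetd", &inetd);
 config_lookup_bool(&config, "foreground", &foreground);
 config_lookup_bool(&config, "numeric", &numeric);
-config_lookup_bool(&config, "transparent", &g_transparent);
+config_lookup_bool(&config, "transparent", &transparent);
 
 if (config_lookup_int(&config, "timeout", (int *)&timeout) == CONFIG_TRUE) {
 probing_timeout = timeout;
 }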
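Review bot: The usage text in the first hunk now advertises `-F <file>`, but the option table in the third hunk still declares `{ "config", optional_argument, 0, 'F' },`, and getopt_long only accepts an optional argument to a short option when it is attached (`-F<file>`); if the short-option string also marks it as optional (`F::`, not visible here), `sslh -F /etc/sslh.cfg` leaves `optarg` NULL and the path becomes a stray positional argument, so sslh would start without the intended configuration (including any `user` or `transparent` setting in it) while its help text says otherwise. If a bare `-F` is meant to select a default file, keep `optional_argument` and restore the `-F<file>` spelling in USAGE_STRING (and the pod); otherwise switch the entry to `required_argument` so the documented form works. Separately, the fifth hunk stops reading a per-protocol `transparent` key, so a config that still sets it inside a protocol entry is silently accepted and that protocol proxies opaquely, which changes the client address the backend sees; a one-line warning in that loop, e.g. `if (config_setting_lookup_bool(prot, "transparent", &dummy)) log_message(LOG_WARNING, "per-protocol 'transparent' is ignored; use the global setting\n");`, would avoid the silent downgrade. The functions containing the fourth, fifth and sixth hunks all begin and end outside them.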
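--- a/sslh.pod
+++ b/sslh.pod
@@ -5,9 +5,9 @@
 sslh - protocol demultiplexer
 
 =head1 SYNOPSIS
 
-sslh [B<-F>I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--tls> I<target address for TLS>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--xmpp> I<target address for XMPP>] [B<--tinc> I<target address for TINC>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
+sslh [B<-F> I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--tls> I<target address for TLS>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--xmpp> I<target address for XMPP>] [B<--tinc> I<target address for TINC>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
 
 =head1 DESCRIPTION
 
 B<sslh> accepts connections on specified ports, and forwards
@@ -77,17 +77,14 @@
 =head1 OPTIONS
 
 =over 4
 
-=item B<-F>I<filename>, B<--config> I<filename>
+=item B<-F> I<filename>, B<--config> I<filename>
 
 Uses I<filename> as configuration file. If other
 command-line options are specified, they will override the
 configuration file's settings.
 
-When using the shorthand version, make sure there should be
-no space between B<-F> and the I<filename>.
-
 =item B<-t> I<num>, B<--timeout> I<num>
 
 Timeout before forwarding the connection to the timeout
 protocol (which should usually be SSH). Default is 2s.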