Commit 1b9937b293a932bf394da6623075b35b5e7bd9d2
Support keepalive for connections on the listening side
Yves Rutschle committed on 2/2/2016, 8:07:47 PMParent: 1814bcb43cdf455b847c17f1313eb35d73f94716
Files changed
common.c | changed |
example.cfg | changed |
sslh-main.c | changed |
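--- a/common.c
+++ b/common.c
@@ -86,8 +86,14 @@
 one = 1;
 res = setsockopt((*sockfd)[i], SOL_SOCKET, SO_REUSEADDR, (char*)&one, sizeof(one));
 check_res_dumpdie(res, addr, "setsockopt(SO_REUSEADDR)");
 
+ if (addr->ai_flags & SO_KEEPALIVE) {
+ res = setsockopt((*sockfd)[i], SOL_SOCKET, SO_KEEPALIVE, (char*)&one, sizeof(one));
+ check_res_dumpdie(res, addr, "setsockopt(SO_KEEPALIVE)");
+ printf("set up keepalive\n");
+ }
+
 if (IP_FREEBIND) {
 res = setsockopt((*sockfd)[i], IPPROTO_IP, IP_FREEBIND, (char*)&one, sizeof(one));
 check_res_dumpdie(res, addr, "setsockopt(IP_FREEBIND)");
 }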
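Review bot: The new test `addr->ai_flags & SO_KEEPALIVE` treats a socket-option number as a bit mask, so it is true for any `ai_flags` value that shares a bit with it (on Linux SO_KEEPALIVE is 9, which overlaps the AI_PASSIVE and AI_V4MAPPED bits). config_listen() in sslh-main.c assigns `ai_flags` only when keepalive is requested, so for every other entry the value left by getaddrinfo() is what gets tested here and in the print loop in sslh-main.c; if the resolver echoes the hint flags, which is not visible from this page, keepalive would be enabled on listeners that never asked for it. I would have config_listen() always assign, `(*listen)->ai_flags = keepalive ? SO_KEEPALIVE : 0;`, and compare here with `addr->ai_flags == SO_KEEPALIVE`. The added `printf("set up keepalive\n")` also writes to stdout unconditionally, unlike the stderr diagnostics in sslh-main.c. The enclosing function starts and ends outside this hunk.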
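--- a/example.cfg
+++ b/example.cfg
@@ -13,12 +13,13 @@
 pidfile: "/var/run/sslh.pid";
 
 
 # List of interfaces on which we should listen
+# Options:
 listen:
 (
 { host: "thelonious"; port: "443"; },
- { host: "thelonious"; port: "8080"; }
+ { host: "thelonious"; port: "8080"; keepalive: true; }
 );
 
 # List of protocols
 #
@@ -27,8 +28,12 @@
 # line (ssh -?), plus 'regex' and 'timeout'.
 
 # service: (optional) libwrap service name (see hosts_access(5))
 # host, port: where to connect when this probe succeeds
+# log_level: 0 to turn off logging
+# 1 to log each incoming connection
+# keepalive: Should TCP keepalive be on or off for that
+# connection (default is off)
 #
 # Probe-specific options:
 # tls:
 # sni_hostnames: list of FQDN for that target
@@ -47,9 +52,9 @@
 # You can specify several of 'regex' and 'tls'.
 
 protocols:
 (
- { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; },
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; keepalive: true; },
 { name: "http"; host: "localhost"; port: "80"; },
 
 # match BOTH ALPN/SNI
 { name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0;},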
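--- a/sslh-main.c
+++ b/sslh-main.c
@@ -1,9 +1,9 @@
 /*
 
 
 #
-# Copyright (C) 2007-2014 Yves Rutschle
+# Copyright (C) 2007-2016 Yves Rutschle
 #
 # This program is free software; you can redistribute it
 
 # License as published by the Free Software Foundation; either
@@ -132,9 +132,12 @@
 p->saddr->ai_addr->sa_family);
 }
 fprintf(stderr, "listening on:\n");
 for (a = addr_listen; a; a = a->ai_next) {
- fprintf(stderr, "\t%s\n", sprintaddr(buf, sizeof(buf), a));
+ fprintf(stderr,
+ "\t%s\t[keepalive: %d]\n",
+ sprintaddr(buf, sizeof(buf), a),
+ a->ai_flags & SO_KEEPALIVE ? 1 : 0);
 }
 fprintf(stderr, "timeout: %d\non-timeout: %s\n", probing_timeout,
 timeout_protocol()->description);
 }
@@ -146,9 +149,9 @@
 
 static int config_listen(config_t *config, struct addrinfo **listen)
 {
 config_setting_t *setting, *addr;
- int len, i;
+ int len, i, keepalive;
 const char *hostname, *port;
 
 setting = config_lookup(config, "listen");
 if (setting) {
@@ -162,14 +165,22 @@
 config_setting_source_line(addr));
 return -1;
 }
 
+ keepalive = 0;
+ config_setting_lookup_bool(addr, "keepalive", &keepalive);
+
 resolve_split_name(listen, hostname, port);
 
 /* getaddrinfo returned a list of addresses corresponding to the
 * specification; move the pointer to the end of that list before
- * processing the next specification */
- for (; *listen; listen = &((*listen)->ai_next));
+ * processing the next specification, while setting flags for
+ * start_listen_sockets() through ai_flags (which is not meant for
+ * that, but is only used as hint in getaddrinfo, so it's OK) */
+ for (; *listen; listen = &((*listen)->ai_next)) {
+ if (keepalive)
+ (*listen)->ai_flags = SO_KEEPALIVE;
+ }
 }
 }
 
 return 0;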
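Review bot: In config_listen() the result of `config_setting_lookup_bool(addr, "keepalive", &keepalive)` is discarded, and libconfig returns CONFIG_FALSE both when the setting is absent and when it is present with a non-boolean type, so an entry such as `keepalive: 1;` or `keepalive: "true";` is silently treated as off. An operator who relies on keepalive to detect dead peers on a listener would get no indication that it is inactive. I would reject the malformed case explicitly, `if (!config_setting_lookup_bool(addr, "keepalive", &keepalive) && config_setting_get_member(addr, "keepalive")) return -1;`, with a message that reports `config_setting_source_line(addr)` the way the existing error path just above does. config_listen() begins in the previous hunk and the lines between the two hunks are not shown.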