Commit 1b9937b293a932bf394da6623075b35b5e7bd9d2
Support keepalive for connections on the listening side
Yves Rutschle committed on 2/2/2016, 8:07:47 PMParent: 1814bcb43cdf455b847c17f1313eb35d73f94716
Files changed
| common.c | changed |
| example.cfg | changed |
| sslh-main.c | changed |
| common.c | ||
|---|---|---|
| @@ -86,8 +86,14 @@ | ||
| 86 | 86 | one = 1; |
| 87 | 87 | res = setsockopt((*sockfd)[i], SOL_SOCKET, SO_REUSEADDR, (char*)&one, sizeof(one)); |
| 88 | 88 | check_res_dumpdie(res, addr, "setsockopt(SO_REUSEADDR)"); |
| 89 | 89 | |
| 90 | + if (addr->ai_flags & SO_KEEPALIVE) { | |
| 91 | + res = setsockopt((*sockfd)[i], SOL_SOCKET, SO_KEEPALIVE, (char*)&one, sizeof(one)); | |
| 92 | + check_res_dumpdie(res, addr, "setsockopt(SO_KEEPALIVE)"); | |
| 93 | + printf("set up keepalive\n"); | |
| 94 | + } | |
| 95 | + | |
| 90 | 96 | if (IP_FREEBIND) { |
| 91 | 97 | res = setsockopt((*sockfd)[i], IPPROTO_IP, IP_FREEBIND, (char*)&one, sizeof(one)); |
| 92 | 98 | check_res_dumpdie(res, addr, "setsockopt(IP_FREEBIND)"); |
| 93 | 99 | } |
| example.cfg | ||
|---|---|---|
| @@ -13,12 +13,13 @@ | ||
| 13 | 13 | pidfile: "/var/run/sslh.pid"; |
| 14 | 14 | |
| 15 | 15 | |
| 16 | 16 | # List of interfaces on which we should listen |
| 17 | +# Options: | |
| 17 | 18 | listen: |
| 18 | 19 | ( |
| 19 | 20 | { host: "thelonious"; port: "443"; }, |
| 20 | - { host: "thelonious"; port: "8080"; } | |
| 21 | + { host: "thelonious"; port: "8080"; keepalive: true; } | |
| 21 | 22 | ); |
| 22 | 23 | |
| 23 | 24 | # List of protocols |
| 24 | 25 | # |
| @@ -27,8 +28,12 @@ | ||
| 27 | 28 | # line (ssh -?), plus 'regex' and 'timeout'. |
| 28 | 29 | |
| 29 | 30 | # service: (optional) libwrap service name (see hosts_access(5)) |
| 30 | 31 | # host, port: where to connect when this probe succeeds |
| 32 | +# log_level: 0 to turn off logging | |
| 33 | +# 1 to log each incoming connection | |
| 34 | +# keepalive: Should TCP keepalive be on or off for that | |
| 35 | +# connection (default is off) | |
| 31 | 36 | # |
| 32 | 37 | # Probe-specific options: |
| 33 | 38 | # tls: |
| 34 | 39 | # sni_hostnames: list of FQDN for that target |
| @@ -47,9 +52,9 @@ | ||
| 47 | 52 | # You can specify several of 'regex' and 'tls'. |
| 48 | 53 | |
| 49 | 54 | protocols: |
| 50 | 55 | ( |
| 51 | - { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; }, | |
| 56 | + { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; keepalive: true; }, | |
| 52 | 57 | { name: "http"; host: "localhost"; port: "80"; }, |
| 53 | 58 | |
| 54 | 59 | # match BOTH ALPN/SNI |
| 55 | 60 | { name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0;}, |
| sslh-main.c | ||
|---|---|---|
| @@ -1,9 +1,9 @@ | ||
| 1 | 1 | /* |
| 2 | 2 | |
| 3 | 3 | |
| 4 | 4 | # |
| 5 | -# Copyright (C) 2007-2014 Yves Rutschle | |
| 5 | +# Copyright (C) 2007-2016 Yves Rutschle | |
| 6 | 6 | # |
| 7 | 7 | # This program is free software; you can redistribute it |
| 8 | 8 | |
| 9 | 9 | # License as published by the Free Software Foundation; either |
| @@ -132,9 +132,12 @@ | ||
| 132 | 132 | p->saddr->ai_addr->sa_family); |
| 133 | 133 | } |
| 134 | 134 | fprintf(stderr, "listening on:\n"); |
| 135 | 135 | for (a = addr_listen; a; a = a->ai_next) { |
| 136 | - fprintf(stderr, "\t%s\n", sprintaddr(buf, sizeof(buf), a)); | |
| 136 | + fprintf(stderr, | |
| 137 | + "\t%s\t[keepalive: %d]\n", | |
| 138 | + sprintaddr(buf, sizeof(buf), a), | |
| 139 | + a->ai_flags & SO_KEEPALIVE ? 1 : 0); | |
| 137 | 140 | } |
| 138 | 141 | fprintf(stderr, "timeout: %d\non-timeout: %s\n", probing_timeout, |
| 139 | 142 | timeout_protocol()->description); |
| 140 | 143 | } |
| @@ -146,9 +149,9 @@ | ||
| 146 | 149 | |
| 147 | 150 | static int config_listen(config_t *config, struct addrinfo **listen) |
| 148 | 151 | { |
| 149 | 152 | config_setting_t *setting, *addr; |
| 150 | - int len, i; | |
| 153 | + int len, i, keepalive; | |
| 151 | 154 | const char *hostname, *port; |
| 152 | 155 | |
| 153 | 156 | setting = config_lookup(config, "listen"); |
| 154 | 157 | if (setting) { |
| @@ -162,14 +165,22 @@ | ||
| 162 | 165 | config_setting_source_line(addr)); |
| 163 | 166 | return -1; |
| 164 | 167 | } |
| 165 | 168 | |
| 169 | + keepalive = 0; | |
| 170 | + config_setting_lookup_bool(addr, "keepalive", &keepalive); | |
| 171 | + | |
| 166 | 172 | resolve_split_name(listen, hostname, port); |
| 167 | 173 | |
| 168 | 174 | /* getaddrinfo returned a list of addresses corresponding to the |
| 169 | 175 | * specification; move the pointer to the end of that list before |
| 170 | - * processing the next specification */ | |
| 171 | - for (; *listen; listen = &((*listen)->ai_next)); | |
| 176 | + * processing the next specification, while setting flags for | |
| 177 | + * start_listen_sockets() through ai_flags (which is not meant for | |
| 178 | + * that, but is only used as hint in getaddrinfo, so it's OK) */ | |
| 179 | + for (; *listen; listen = &((*listen)->ai_next)) { | |
| 180 | + if (keepalive) | |
| 181 | + (*listen)->ai_flags = SO_KEEPALIVE; | |
| 182 | + } | |
| 172 | 183 | } |
| 173 | 184 | } |
| 174 | 185 | |
| 175 | 186 | return 0; |
Built with git-ssb-web