git ssb

common.cView
		@@ -36,9 +36,8 @@
36	36	int probing_timeout = 2;
37	37	int inetd = 0;
38	38	int foreground = 0;
39	39	int background = 0;
40		-int transparent = 0;
41	40	int numeric = 0;
42	41	const char user_name, pid_file;
43	42
44	43	struct addrinfo addr_listen = NULL; / what addresses do we listen to? */
		@@ -236,9 +235,9 @@
236	235	CHECK_RES_RETURN(res, "getpeername");
237	236
238	237	for (a = cnx->proto->saddr; a; a = a->ai_next) {
239	238	/* When transparent, make sure both connections use the same address family */
240		- if (transparent && a->ai_family != from.ai_addr->sa_family)
	239	+ if (cnx->proto->transparent && a->ai_family != from.ai_addr->sa_family)
241	240	continue;
242	241	if (verbose)
243	242	fprintf(stderr, "connecting to %s family %d len %d\n",
244	243	sprintaddr(buf, sizeof(buf), a),
		@@ -249,9 +248,9 @@
249	248	if (fd == -1) {
250	249	log_message(LOG_ERR, "forward to %s failed:socket: %s\n",
251	250	cnx->proto->description, strerror(errno));
252	251	} else {
253		- if (transparent) {
	252	+ if (cnx->proto->transparent) {
254	253	res = bind_peer(fd, fd_from);
255	254	CHECK_RES_RETURN(res, "bind_peer");
256	255	}
257	256	res = connect(fd, a->ai_addr, a->ai_addrlen);

common.hView
		@@ -112,10 +112,9 @@
112	112
113	113	int defer_write(struct queue q, void data, int data_size);
114	114	int flush_deferred(struct queue *q);
115	115
116		-extern int probing_timeout, verbose, inetd, foreground,
117		- background, transparent, numeric;
	116	+extern int probing_timeout, verbose, inetd, foreground, background, numeric;
118	117	extern struct sockaddr_storage addr_ssl, addr_ssh, addr_openvpn;
119	118	extern struct addrinfo *addr_listen;
120	119	extern const char* USAGE_STRING;
121	120	extern const char* user_name, *pid_file;

probe.cView
		@@ -44,18 +44,18 @@
44	44
45	45	/* Table of protocols that have a built-in probe
46	46	*/
47	47	static struct proto builtins[] = {
48		- /* description service saddr log_level keepalive probe */
49		- { "ssh", "sshd", NULL, 1, 0, is_ssh_protocol},
50		- { "openvpn", NULL, NULL, 1, 0, is_openvpn_protocol },
51		- { "tinc", NULL, NULL, 1, 0, is_tinc_protocol },
52		- { "xmpp", NULL, NULL, 1, 0, is_xmpp_protocol },
53		- { "http", NULL, NULL, 1, 0, is_http_protocol },
54		- { "ssl", NULL, NULL, 1, 0, is_tls_protocol },
55		- { "tls", NULL, NULL, 1, 0, is_tls_protocol },
56		- { "adb", NULL, NULL, 1, 0, is_adb_protocol },
57		- { "anyprot", NULL, NULL, 1, 0, is_true }
	48	+ /* description service saddr log_level keepalive transparent probe */
	49	+ { "ssh", "sshd", NULL, 1, 0, 0, is_ssh_protocol},
	50	+ { "openvpn", NULL, NULL, 1, 0, 0, is_openvpn_protocol },
	51	+ { "tinc", NULL, NULL, 1, 0, 0, is_tinc_protocol },
	52	+ { "xmpp", NULL, NULL, 1, 0, 0, is_xmpp_protocol },
	53	+ { "http", NULL, NULL, 1, 0, 0, is_http_protocol },
	54	+ { "ssl", NULL, NULL, 1, 0, 0, is_tls_protocol },
	55	+ { "tls", NULL, NULL, 1, 0, 0, is_tls_protocol },
	56	+ { "adb", NULL, NULL, 1, 0, 0, is_adb_protocol },
	57	+ { "anyprot", NULL, NULL, 1, 0, 0, is_true }
58	58	};
59	59
60	60	static struct proto *protocols;
61	61	static char* on_timeout = "ssh";

probe.hView
		@@ -23,8 +23,9 @@
23	23	int log_level; /* 0: No logging of connection
24	24	* 1: Log incoming connection
25	25	*/
26	26	int keepalive; /* 0: No keepalive ; 1: Set Keepalive for this connection */
	27	+ int transparent; /* 0: opaque proxy ; 1: transparent proxy */
27	28
28	29	/* function to probe that protocol; parameters are buffer and length
29	30	* containing the data to probe, and a pointer to the protocol structure */
30	31	T_PROBE* probe;

sslh-main.cView
		@@ -38,9 +38,9 @@
38	38
39	39	const char* USAGE_STRING =
40	40	"sslh " VERSION "\n" \
41	41	"usage:\n" \
42		-"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F <file>]\n"
	42	+"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F<file>]\n"
43	43	"\t[-t <timeout>] [-P <pidfile>] -u <username> -p <add> [-p <addr> ...] \n" \
44	44	"%s\n\n" /* Dynamically built list of builtin protocols */ \
45	45	"\t[--on-timeout <addr>]\n" \
46	46	"-v: verbose\n" \
		@@ -48,9 +48,9 @@
48	48	"-f: foreground\n" \
49	49	"-n: numeric output\n" \
50	50	"-u: specify under which user to run\n" \
51	51	"--transparent: behave as a transparent proxy\n" \
52		-"-F: use configuration file\n" \
	52	+"-F: use configuration file (warning: no space between -F and file name!)\n" \
53	53	"--on-timeout: connect to specified address upon timeout (default: ssh address)\n" \
54	54	"-t: seconds to wait before connecting to --on-timeout address.\n" \
55	55	"-p: address and port to listen on.\n Can be used several times to bind to several addresses.\n" \
56	56	"--[ssh,ssl,...]: where to connect connections from corresponding protocol.\n" \
		@@ -60,13 +60,16 @@
60	60
61	61	/* Constants for options that have no one-character shorthand */
62	62	#define OPT_ONTIMEOUT 257
63	63
	64	+/* Global setting for transparent proxying */
	65	+int g_transparent = 0;
	66	+
64	67	static struct option const_options[] = {
65	68	{ "inetd", no_argument, &inetd, 1 },
66	69	{ "foreground", no_argument, &foreground, 1 },
67	70	{ "background", no_argument, &background, 1 },
68		- { "transparent", no_argument, &transparent, 1 },
	71	+ { "transparent", no_argument, &g_transparent, 1 },
69	72	{ "numeric", no_argument, &numeric, 1 },
70	73	{ "verbose", no_argument, &verbose, 1 },
71	74	{ "user", required_argument, 0, 'u' },
72	75	{ "config", optional_argument, 0, 'F' },
		@@ -122,16 +125,18 @@
122	125	struct proto *p;
123	126
124	127	for (p = get_first_protocol(); p; p = p->next) {
125	128	fprintf(stderr,
126		- "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s]\n",
	129	+ "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s%s]\n",
127	130	p->description,
128	131	sprintaddr(buf, sizeof(buf), p->saddr),
129	132	p->service,
130	133	p->log_level,
131	134	p->saddr->ai_family,
132	135	p->saddr->ai_addr->sa_family,
133		- p->keepalive ? "keepalive" : "");
	136	+ p->keepalive ? "keepalive " : "",
	137	+ p->transparent ? "transparent" : ""
	138	+ );
134	139	}
135	140	fprintf(stderr, "listening on:\n");
136	141	for (a = addr_listen; a; a = a->ai_next) {
137	142	fprintf(stderr,
		@@ -306,8 +311,9 @@
306	311	)) {
307	312	p->description = name;
308	313	config_setting_lookup_string(prot, "service", &(p->service));
309	314	config_setting_lookup_bool(prot, "keepalive", &p->keepalive);
	315	+ config_setting_lookup_bool(prot, "transparent", &p->transparent);
310	316
311	317	if (config_setting_lookup_int(prot, "log_level", &p->log_level) == CONFIG_FALSE) {
312	318	p->log_level = 1;
313	319	}
		@@ -375,9 +381,9 @@
375	381	config_lookup_bool(&config, "verbose", &verbose);
376	382	config_lookup_bool(&config, "inetd", &inetd);
377	383	config_lookup_bool(&config, "foreground", &foreground);
378	384	config_lookup_bool(&config, "numeric", &numeric);
379		- config_lookup_bool(&config, "transparent", &transparent);
	385	+ config_lookup_bool(&config, "transparent", &g_transparent);
380	386
381	387	if (config_lookup_int(&config, "timeout", (int *)&timeout) == CONFIG_TRUE) {
382	388	probing_timeout = timeout;
383	389	}

sslh.podView
		@@ -5,9 +5,9 @@
5	5	sslh - protocol demultiplexer
6	6
7	7	=head1 SYNOPSIS
8	8
9		-sslh [B<-F> I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--tls> I<target address for TLS>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--xmpp> I<target address for XMPP>] [B<--tinc> I<target address for TINC>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
	9	+sslh [B<-F>I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--tls> I<target address for TLS>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--xmpp> I<target address for XMPP>] [B<--tinc> I<target address for TINC>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
10	10
11	11	=head1 DESCRIPTION
12	12
13	13	B<sslh> accepts connections on specified ports, and forwards
		@@ -77,14 +77,17 @@
77	77	=head1 OPTIONS
78	78
79	79	=over 4
80	80
81		-=item B<-F> I<filename>, B<--config> I<filename>
	81	+=item B<-F>I<filename>, B<--config> I<filename>
82	82
83	83	Uses I<filename> has configuration file. If other
84	84	command-line options are specified, they will override the
85	85	configuration file's settings.
86	86
	87	+When using the shorthand version, make sure there should be
	88	+no space between B<-F> and the I<filename>.
	89	+
87	90	=item B<-t> I<num>, B<--timeout> I<num>
88	91
89	92	Timeout before forwarding the connection to the timeout
90	93	protocol (which should usually be SSH). Default is 2s.

cel / sslh

Commit f02ce3821c018719536971dbb1bc1ed1517530a2

clarify no space after -F (issue 108)

Files changed

common.c	changed
common.h	changed
probe.c	changed
probe.h	changed
sslh-main.c	changed
sslh.pod	changed