From 067f5d76462e26cdbcb898425cc35453f21df232 Mon Sep 17 00:00:00 2001
From: Yves Rutschle
Date: Sun, 8 Jan 2017 12:54:34 +0100
Subject: [PATCH] Revert "clarify no space after -F (issue 108)"

This reverts commit f02ce3821c018719536971dbb1bc1ed1517530a2. That commit accidently imported code that broke transparent proxying.
---
 common.c | 5 +++--
 common.h | 3 ++-
 probe.c | 20 ++++++++++----------
 probe.h | 1 -
 sslh-main.c | 18 ++++++------------
 sslh.pod | 7 ++-----
 6 files changed, 23 insertions(+), 31 deletions(-)

diff --git a/common.c b/common.c
index 8187b4d..394cdb1 100644
--- a/common.c
+++ b/common.c
@@ -37,6 +37,7 @@ int probing_timeout = 2;
 int inetd = 0;
 int foreground = 0;
 int background = 0;
+int transparent = 0;
 int numeric = 0;
 const char *user_name, *pid_file;
@@ -236,7 +237,7 @@ int connect_addr(struct connection *cnx, int fd_from)
 for (a = cnx->proto->saddr; a; a = a->ai_next) {
 /* When transparent, make sure both connections use the same address family */
- if (cnx->proto->transparent && a->ai_family != from.ai_addr->sa_family)
+ if (transparent && a->ai_family != from.ai_addr->sa_family)
 continue;
 if (verbose) fprintf(stderr, "connecting to %s family %d len %d\n",
@@ -249,7 +250,7 @@ int connect_addr(struct connection *cnx, int fd_from)
 log_message(LOG_ERR, "forward to %s failed:socket: %s\n",
 cnx->proto->description, strerror(errno));
 } else {
- if (cnx->proto->transparent) {
+ if (transparent) {
 res = bind_peer(fd, fd_from);
 CHECK_RES_RETURN(res, "bind_peer");
 }
diff --git a/common.h b/common.h
index 1002d23..701b337 100644
--- a/common.h
+++ b/common.h
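Review bot: In the second connect_addr hunk, the `CHECK_RES_RETURN(res, "bind_peer");` line following `res = bind_peer(fd, fd_from);` appears to return from connect_addr on failure while the socket in `fd` is still open, so each client that reaches a failing bind_peer (for instance when the process lacks the privileges transparent mode needs) costs one descriptor. If that macro does return early as its name suggests, the error path should release the socket first, e.g. `if (res < 0) { close(fd); return res; }` with the existing log line kept. connect_addr starts and ends outside the hunk, so the socket() call and any later cleanup are not visible here; worth confirming against the full function before changing it.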
@@ -113,7 +113,8 @@ int start_listen_sockets(int *sockfd[], struct addrinfo *addr_list);
 int defer_write(struct queue *q, void* data, int data_size);
 int flush_deferred(struct queue *q);
-extern int probing_timeout, verbose, inetd, foreground, background, numeric;
+extern int probing_timeout, verbose, inetd, foreground,
+ background, transparent, numeric;
 extern struct sockaddr_storage addr_ssl, addr_ssh, addr_openvpn;
 extern struct addrinfo *addr_listen;
 extern const char* USAGE_STRING;
diff --git a/probe.c b/probe.c
index 22bdc3b..9b4a63e 100644
--- a/probe.c
+++ b/probe.c
@@ -45,16 +45,16 @@ static int is_true(const char *p, int len, struct proto* proto) {
 return 1;
 }
 /* Table of protocols that have a built-in probe */
 static struct proto builtins[] = {
- /* description service saddr log_level keepalive transparent probe */
- { "ssh", "sshd", NULL, 1, 0, 0, is_ssh_protocol},
- { "openvpn", NULL, NULL, 1, 0, 0, is_openvpn_protocol },
- { "tinc", NULL, NULL, 1, 0, 0, is_tinc_protocol },
- { "xmpp", NULL, NULL, 1, 0, 0, is_xmpp_protocol },
- { "http", NULL, NULL, 1, 0, 0, is_http_protocol },
- { "ssl", NULL, NULL, 1, 0, 0, is_tls_protocol },
- { "tls", NULL, NULL, 1, 0, 0, is_tls_protocol },
- { "adb", NULL, NULL, 1, 0, 0, is_adb_protocol },
- { "anyprot", NULL, NULL, 1, 0, 0, is_true }
+ /* description service saddr log_level keepalive probe */
+ { "ssh", "sshd", NULL, 1, 0, is_ssh_protocol},
+ { "openvpn", NULL, NULL, 1, 0, is_openvpn_protocol },
+ { "tinc", NULL, NULL, 1, 0, is_tinc_protocol },
+ { "xmpp", NULL, NULL, 1, 0, is_xmpp_protocol },
+ { "http", NULL, NULL, 1, 0, is_http_protocol },
+ { "ssl", NULL, NULL, 1, 0, is_tls_protocol },
+ { "tls", NULL, NULL, 1, 0, is_tls_protocol },
+ { "adb", NULL, NULL, 1, 0, is_adb_protocol },
+ { "anyprot", NULL, NULL, 1, 0, is_true }
 };
 static struct proto *protocols;
diff --git a/probe.h b/probe.h
index 492e42f..8c576a2 100644
--- a/probe.h
+++ b/probe.h
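Review bot: The builtins table in the probe.c hunk still uses positional initializers, so removing the transparent column is only correct because all nine rows were rewritten in lockstep with the struct in probe.h; any future member added or removed in the middle of struct proto silently shifts every remaining value again, and a mismatch between an int slot and a function pointer only produces a warning. Designated initializers make each row self-describing and independent of member order, e.g. `{ .description = "ssh", .service = "sshd", .log_level = 1, … },` with the probe-function member named as probe.h declares it (its name is not visible in this hunk). The zero-valued members (saddr, keepalive) can then be left out, which also makes the column-label comment unnecessary.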
@@ -24,7 +24,6 @@ struct proto {
 * 1: Log incoming connection */
 int keepalive; /* 0: No keepalive ; 1: Set Keepalive for this connection */
- int transparent; /* 0: opaque proxy ; 1: transparent proxy */
 /* function to probe that protocol; parameters are buffer and length
 * containing the data to probe, and a pointer to the protocol structure */
diff --git a/sslh-main.c b/sslh-main.c
index b72a2c0..3242cc4 100644
--- a/sslh-main.c
+++ b/sslh-main.c
@@ -39,7 +39,7 @@ const char* USAGE_STRING =
 "sslh " VERSION "\n" \
 "usage:\n" \
-"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F]\n"
+"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F ]\n"
 "\t[-t ] [-P ] -u -p [-p ...] \n" \
 "%s\n\n" /* Dynamically built list of builtin protocols */ \
 "\t[--on-timeout ]\n" \
@@ -49,7 +49,7 @@ const char* USAGE_STRING =
 "-n: numeric output\n" \
 "-u: specify under which user to run\n" \
 "--transparent: behave as a transparent proxy\n" \
-"-F: use configuration file (warning: no space between -F and file name!)\n" \
+"-F: use configuration file\n" \
 "--on-timeout: connect to specified address upon timeout (default: ssh address)\n" \
 "-t: seconds to wait before connecting to --on-timeout address.\n" \
 "-p: address and port to listen on.\n Can be used several times to bind to several addresses.\n" \
@@ -61,14 +61,11 @@ const char* USAGE_STRING =
 /* Constants for options that have no one-character shorthand */
 #define OPT_ONTIMEOUT 257
-/* Global setting for transparent proxying */
-int g_transparent = 0;
-
 static struct option const_options[] = {
 { "inetd", no_argument, &inetd, 1 },
 { "foreground", no_argument, &foreground, 1 },
 { "background", no_argument, &background, 1 },
- { "transparent", no_argument, &g_transparent, 1 },
+ { "transparent", no_argument, &transparent, 1 },
 { "numeric", no_argument, &numeric, 1 },
 { "verbose", no_argument, &verbose, 1 },
 { "user", required_argument, 0, 'u' },
@@ -126,16 +123,14 @@ static void printsettings(void)
 for (p = get_first_protocol(); p; p = p->next) {
 fprintf(stderr,
- "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s%s]\n",
+ "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s]\n",
 p->description, sprintaddr(buf, sizeof(buf), p->saddr), p->service, p->log_level, p->saddr->ai_family, p->saddr->ai_addr->sa_family,
- p->keepalive ? "keepalive " : "",
- p->transparent ? "transparent" : ""
- );
+ p->keepalive ? "keepalive" : "");
 }
 fprintf(stderr, "listening on:\n");
 for (a = addr_listen; a; a = a->ai_next) {
@@ -312,7 +307,6 @@ static int config_protocols(config_t *config, struct proto **prots)
 p->description = name;
 config_setting_lookup_string(prot, "service", &(p->service));
 config_setting_lookup_bool(prot, "keepalive", &p->keepalive);
- config_setting_lookup_bool(prot, "transparent", &p->transparent);
 if (config_setting_lookup_int(prot, "log_level", &p->log_level) == CONFIG_FALSE) {
 p->log_level = 1;
@@ -382,7 +376,7 @@ static int config_parse(char *filename, struct addrinfo **listen, struct proto *
 config_lookup_bool(&config, "inetd", &inetd);
 config_lookup_bool(&config, "foreground", &foreground);
 config_lookup_bool(&config, "numeric", &numeric);
- config_lookup_bool(&config, "transparent", &g_transparent);
+ config_lookup_bool(&config, "transparent", &transparent);
 if (config_lookup_int(&config, "timeout", (int *)&timeout) == CONFIG_TRUE) {
 probing_timeout = timeout;
diff --git a/sslh.pod b/sslh.pod
index 8b08d88..b019da8 100644
--- a/sslh.pod
+++ b/sslh.pod
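Review bot: In the config_parse hunk, the context line `if (config_lookup_int(&config, "timeout", (int *)&timeout) == CONFIG_TRUE) {` casts the address of `timeout` to `int *`; libconfig's config_lookup_int stores an int through that pointer, so if `timeout` is declared with any type other than int (its declaration is outside the hunk) the cast hides a store of the wrong width rather than fixing a real mismatch. Declaring the local as `int timeout;` and dropping the cast lets the compiler check the call, e.g. `if (config_lookup_int(&config, "timeout", &timeout) == CONFIG_TRUE) {`, and `probing_timeout = timeout;` then needs no conversion. The same hunk shows the config_lookup_bool results being discarded, which is fine for optional keys but worth a short comment such as `/* missing keys keep the command-line defaults */` so the next reader does not add checks that change behaviour. config_parse continues past both ends of this hunk.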
@@ -6,7 +6,7 @@
 =head1 SYNOPSIS
-sslh [B<-F>I] [ B<-t> I ] [B<--transparent>] [B<-p> I [B<-p> I ...] [B<--ssl> I] [B<--tls> I] [B<--ssh> I] [B<--openvpn> I] [B<--http> I] [B<--xmpp> I] [B<--tinc> I] [B<--anyprot> I] [B<--on-timeout> I] [B<-u> I] [B<-P> I] [-v] [-i] [-V] [-f] [-n]
+sslh [B<-F> I] [ B<-t> I ] [B<--transparent>] [B<-p> I [B<-p> I ...] [B<--ssl> I] [B<--tls> I] [B<--ssh> I] [B<--openvpn> I] [B<--http> I] [B<--xmpp> I] [B<--tinc> I] [B<--anyprot> I] [B<--on-timeout> I] [B<-u> I] [B<-P> I] [-v] [-i] [-V] [-f] [-n]
 =head1 DESCRIPTION
@@ -78,15 +78,12 @@ connections and LOG_ERR for failures.
 =over 4
-=item B<-F>I, B<--config> I
+=item B<-F> I, B<--config> I
 Uses I as configuration file. If other command-line options are specified, they will override the configuration file's settings.
-When using the shorthand version, make sure there should be
-no space between B<-F> and the I.
-
 =item B<-t> I, B<--timeout> I
 Timeout before forwarding the connection to the timeout