From 317c08604bc26f8cf05bebcf902df37a17572db5 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Wed, 15 Sep 2021 21:51:11 +0200 Subject: [PATCH 01/19] move logging code to its own file --- Makefile | 2 +- common.c | 73 -------------------------------------- log.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ log.h | 10 ++++++ 4 files changed, 117 insertions(+), 74 deletions(-) create mode 100644 log.c create mode 100644 log.h diff --git a/Makefile b/Makefile index 1c465fe..6ddc454 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ CC ?= gcc CFLAGS ?=-Wall -DLIBPCRE -g $(CFLAGS_COV) LIBS=-lm -lpcre2-8 -OBJS=sslh-conf.o common.o sslh-main.o probe.o tls.o argtable3.o udp-listener.o collection.o gap.o +OBJS=sslh-conf.o common.o log.o sslh-main.o probe.o tls.o argtable3.o udp-listener.o collection.o gap.o CONDITIONAL_TARGETS= diff --git a/common.c b/common.c index 453e271..2758c06 100644 --- a/common.c +++ b/common.c @@ -4,7 +4,6 @@ * No code here should assume whether sockets are blocking or not. **/ -#define SYSLOG_NAMES #define _GNU_SOURCE #include #include @@ -42,8 +41,6 @@ struct sslhcfg_item cfg; struct addrinfo *addr_listen = NULL; /* what addresses do we listen to? */ -static int do_syslog = 1; /* Should we syslog? controled by syslog_facility = "none" */ - #ifdef LIBWRAP #include int allow_severity =0, deny_severity = 0; @@ -590,23 +587,6 @@ void resolve_name(struct addrinfo **out, char* fullname) } } -/* Log to syslog or stderr if foreground */ -void log_message(int type, const char* msg, ...) -{ - va_list ap; - - va_start(ap, msg); - if (cfg.foreground) - vfprintf(stderr, msg, ap); - va_end(ap); - - if (do_syslog) { - va_start(ap, msg); - vsyslog(type, msg, ap); - va_end(ap); - } -} - /* Fills a connection description; returns 0 on failure */ int get_connection_desc(struct connection_desc* desc, const struct connection *cnx) 
@@ -641,30 +621,6 @@ int get_connection_desc(struct connection_desc* desc, const struct connection *c return 1; } -/* syslogs who connected to where - * desc: string description of the connection. if NULL, log_connection will - * manage on its own - * cnx: connection descriptor - * */ -void log_connection(struct connection_desc* desc, const struct connection *cnx) -{ - struct connection_desc d; - - if (cnx->proto->log_level < 1) - return; - - if (!desc) { - desc = &d; - get_connection_desc(desc, cnx); - } - - log_message(LOG_INFO, "%s:connection from %s to %s forwarded from %s to %s\n", - cnx->proto->name, - desc->peer, - desc->service, - desc->local, - desc->target); -} void set_proctitle_shovel(struct connection_desc* desc, const struct connection *cnx) { @@ -760,35 +716,6 @@ void setup_signals(void) } -/* Open syslog connection with appropriate banner; - * banner is made up of basename(bin_name)+"[pid]" */ -void setup_syslog(const char* bin_name) { - char *name1, *name2; - int res, fn; - - if (!strcmp(cfg.syslog_facility, "none")) { - do_syslog = 0; - return; - } - - name1 = strdup(bin_name); - res = asprintf(&name2, "%s[%d]", basename(name1), getpid()); - CHECK_RES_DIE(res, "asprintf"); - - for (fn = 0; facilitynames[fn].c_val != -1; fn++) - if (strcmp(facilitynames[fn].c_name, cfg.syslog_facility) == 0) - break; - if (facilitynames[fn].c_val == -1) { - fprintf(stderr, "Unknown facility %s\n", cfg.syslog_facility); - exit(1); - } - - openlog(name2, LOG_CONS, facilitynames[fn].c_val); - free(name1); - /* Don't free name2, as openlog(3) uses it (at least in glibc) */ - - log_message(LOG_INFO, "%s %s started\n", server_type, VERSION); -} /* Ask OS to keep capabilities over a setuid(nonzero) */ void set_keepcaps(int val) { diff --git a/log.c b/log.c new file mode 100644 index 0000000..fea3d65 --- /dev/null +++ b/log.c 
@@ -0,0 +1,106 @@ +/* +# log: processing of all outgoing messages +# +# Copyright (C) 2007-2021 Yves Rutschle +# +# This program is free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more +# details. +# +# The full text for the General Public License is here: +# http://www.gnu.org/licenses/gpl.html + +*/ + + +#define SYSLOG_NAMES +#define _GNU_SOURCE +#include +#include +#include "sslh-conf.h" +#include "common.h" +#include "log.h" + +static int do_syslog = 1; /* Should we syslog? controled by syslog_facility = "none" */ + +/* Open syslog connection with appropriate banner; + * banner is made up of basename(bin_name)+"[pid]" */ +void setup_syslog(const char* bin_name) { + char *name1, *name2; + int res, fn; + + if (!strcmp(cfg.syslog_facility, "none")) { + do_syslog = 0; + return; + } + + name1 = strdup(bin_name); + res = asprintf(&name2, "%s[%d]", basename(name1), getpid()); + CHECK_RES_DIE(res, "asprintf"); + + for (fn = 0; facilitynames[fn].c_val != -1; fn++) + if (strcmp(facilitynames[fn].c_name, cfg.syslog_facility) == 0) + break; + if (facilitynames[fn].c_val == -1) { + fprintf(stderr, "Unknown facility %s\n", cfg.syslog_facility); + exit(1); + } + + openlog(name2, LOG_CONS, facilitynames[fn].c_val); + free(name1); + /* Don't free name2, as openlog(3) uses it (at least in glibc) */ + + log_message(LOG_INFO, "%s %s started\n", server_type, VERSION); +} + + +/* Log to syslog or stderr if foreground */ +void log_message(int type, const char* msg, ...) 
+{ + va_list ap; + + va_start(ap, msg); + if (cfg.foreground) + vfprintf(stderr, msg, ap); + va_end(ap); + + if (do_syslog) { + va_start(ap, msg); + vsyslog(type, msg, ap); + va_end(ap); + } +} + + +/* syslogs who connected to where + * desc: string description of the connection. if NULL, log_connection will + * manage on its own + * cnx: connection descriptor + * */ +void log_connection(struct connection_desc* desc, const struct connection *cnx) +{ + struct connection_desc d; + + if (cnx->proto->log_level < 1) + return; + + if (!desc) { + desc = &d; + get_connection_desc(desc, cnx); + } + + log_message(LOG_INFO, "%s:connection from %s to %s forwarded from %s to %s\n", + cnx->proto->name, + desc->peer, + desc->service, + desc->local, + desc->target); +} diff --git a/log.h b/log.h new file mode 100644 index 0000000..4bd85e1 --- /dev/null +++ b/log.h @@ -0,0 +1,10 @@ +#ifndef LOG_H +#define LOG_H + +void setup_syslog(const char* bin_name); + +void log_message(int type, const char* msg, ...); + +void log_connection(struct connection_desc* desc, const struct connection *cnx); + +#endif /* LOG_H */ From 5e27806545bf901431adf0d7cb14f0adc2571d26 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sun, 19 Sep 2021 15:13:04 +0200 Subject: [PATCH 02/19] new logging system: now with message classes --- common.c | 18 ++++++------- echosrv-conf.c | 2 +- echosrv-conf.h | 2 +- example.cfg | 8 +++++- log.c | 35 +++++++++++++++++++++++-- log.h | 9 +++++++ sslh-conf.c | 70 ++++++++++++++++++++++++++++++++++++++++---------- sslh-conf.h | 4 ++- sslh-main.c | 27 ++++++++++--------- sslhconf.cfg | 5 +++- test.cfg | 4 +++ 11 files changed, 139 insertions(+), 45 deletions(-) diff --git a/common.c b/common.c index 2758c06..9274d19 100644 --- a/common.c +++ b/common.c @@ -15,6 +15,7 @@ #include "common.h" #include "probe.h" +#include "log.h" #include "sslh-conf.h" /* Added to make the code compilable under CYGWIN 
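Review bot: In setup_syslog the result of `name1 = strdup(bin_name);` is used unchecked as `basename(name1)` on the next line, so an allocation failure passes NULL to basename and then to asprintf; the asprintf result is checked but the strdup is not. A one-line guard before the asprintf, `if (!name1) { perror("strdup"); exit(1); }`, matches the fail-fast style the function already uses for the unknown-facility case. The code is moved verbatim from common.c, so this is carried over rather than introduced by this commit, but the new file is the place to fix it.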
@@ -174,7 +175,7 @@ int start_listen_sockets(struct listen_endpoint *sockfd[]) *sockfd = NULL; - if (cfg.verbose) fprintf(stderr, "Listening to:\n"); + print_message(msg_config, "Listening to:\n"); for (i = 0; i < cfg.listen_len; i++) { keepalive = cfg.listen[i].keepalive; @@ -188,10 +189,9 @@ int start_listen_sockets(struct listen_endpoint *sockfd[]) *sockfd = realloc(*sockfd, num_addr * sizeof(*sockfd[0])); (*sockfd)[num_addr-1].socketfd = listen_single_addr(addr, keepalive, udp); (*sockfd)[num_addr-1].type = udp ? SOCK_DGRAM : SOCK_STREAM; - if (cfg.verbose) - fprintf(stderr, "%d:\t%s\t[%s] [%s]\n", (*sockfd)[num_addr-1].socketfd, sprintaddr(buf, sizeof(buf), addr), - cfg.listen[i].keepalive ? "keepalive" : "", - cfg.listen[i].is_udp ? "udp" : ""); + print_message(msg_config, "%d:\t%s\t[%s] [%s]\n", (*sockfd)[num_addr-1].socketfd, sprintaddr(buf, sizeof(buf), addr), + cfg.listen[i].keepalive ? "keepalive" : "", + cfg.listen[i].is_udp ? "udp" : ""); } freeaddrinfo(start_addr); } @@ -793,16 +793,14 @@ void drop_privileges(const char* user_name, const char* chroot_path) if (user_name) { pw = getpwnam(user_name); if (!pw) { - fprintf(stderr, "%s: not found\n", user_name); + print_message(msg_config_error, "%s: not found\n", user_name); exit(2); } - if (cfg.verbose) - fprintf(stderr, "turning into %s\n", user_name); + print_message(msg_config, "turning into %s\n", user_name); } if (chroot_path) { - if (cfg.verbose) - fprintf(stderr, "chrooting into %s\n", chroot_path); + print_message(msg_config, "chrooting into %s\n", chroot_path); res = chroot(chroot_path); CHECK_RES_DIE(res, "chroot"); diff --git a/echosrv-conf.c b/echosrv-conf.c index 38ddc3b..a5d1a71 100644 --- a/echosrv-conf.c +++ b/echosrv-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Fri Aug 13 18:03:20 2021. + * on Sat Sep 18 17:28:37 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle 
diff --git a/echosrv-conf.h b/echosrv-conf.h index 4f49e9e..0218d99 100644 --- a/echosrv-conf.h +++ b/echosrv-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Fri Aug 13 18:03:20 2021. + * on Sat Sep 18 17:28:37 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle diff --git a/example.cfg b/example.cfg index 4b70d48..974a3f9 100644 --- a/example.cfg +++ b/example.cfg @@ -3,7 +3,6 @@ # not be used as a starting point for a working # configuration. Instead use basic.cfg. -verbose: 0; foreground: true; inetd: false; numeric: false; @@ -13,6 +12,13 @@ user: "nobody"; pidfile: "/var/run/sslh.pid"; chroot: "/var/empty"; +verbose: 0; + +# Logging configuration +# Value: 1: stdout; 2: syslog; 3: both +verbose-config: 0; # config: print configuration at startup + + # Specify which syslog facility to use (names for your # system are usually defined in /usr/include/*/sys/syslog.h # or equivalent) diff --git a/log.c b/log.c index fea3d65..11aed81 100644 --- a/log.c +++ b/log.c @@ -29,6 +29,39 @@ #include "common.h" #include "log.h" +msg_info msg_config = { + LOG_INFO, + &cfg.verbose_config +}; + + +msg_info msg_config_error = { + LOG_ERR, + &cfg.verbose_config_error +}; + + +/* Bitmasks in verbose-* values */ +#define MSG_STDOUT 1 +#define MSG_SYSLOG 2 + +/* Prints a message to stderr and/or syslog if appropriate */ +void print_message(msg_info info, const char* str, ...) +{ + va_list ap; + + va_start(ap, str); + + if ((*info.verbose & MSG_STDOUT) && ! cfg.inetd) + vfprintf(stderr, str, ap); + + if (*info.verbose & MSG_SYSLOG) { + va_start(ap, str); + vsyslog(info.log_level, str, ap); + va_end(ap); + } +} + static int do_syslog = 1; /* Should we syslog? controled by syslog_facility = "none" */ /* Open syslog connection with appropriate banner; 
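Review bot: print_message in log.c calls `va_start(ap, str);` at the top but only pairs it with a `va_end` inside the syslog branch, so on the stderr-only path (and when neither bit is set) the first va_start is never closed, and when both bits are set a second va_start follows the first without an intervening va_end; C requires each va_start to be matched by va_end in the same function. Add `va_end(ap);` immediately after the `vfprintf(stderr, str, ap);` block, before the `if (*info.verbose & MSG_SYSLOG)` test, so each branch owns its own va_start/va_end pair. Separately, the bit is named `MSG_STDOUT` and example.cfg documents value 1 as "stdout", but the write goes to stderr; either rename to `MSG_STDERR` or say stderr in the comment so operators redirecting output are not misled.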
@@ -57,8 +90,6 @@ void setup_syslog(const char* bin_name) { openlog(name2, LOG_CONS, facilitynames[fn].c_val); free(name1); /* Don't free name2, as openlog(3) uses it (at least in glibc) */ - - log_message(LOG_INFO, "%s %s started\n", server_type, VERSION); } diff --git a/log.h b/log.h index 4bd85e1..70a76bc 100644 --- a/log.h +++ b/log.h @@ -7,4 +7,13 @@ void log_message(int type, const char* msg, ...); void log_connection(struct connection_desc* desc, const struct connection *cnx); +typedef struct s_msg_info{ + int log_level; + int *verbose; +} msg_info; + +void print_message(msg_info info, const char* str, ...); +extern msg_info msg_config; +extern msg_info msg_config_error; + #endif /* LOG_H */ diff --git a/sslh-conf.c b/sslh-conf.c index 9c52cc6..e16dde9 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Tue Aug 24 13:53:04 2021. + * on Sat Sep 18 22:17:39 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -443,6 +443,8 @@ struct compound_cl_arg { struct arg_file* sslhcfg_conffile; + struct arg_int* sslhcfg_verbose_config; + struct arg_int* sslhcfg_verbose_config_error; struct arg_int* sslhcfg_verbose; struct arg_lit* sslhcfg_version; struct arg_lit* sslhcfg_foreground; 
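Review bot: The new `struct s_msg_info` in log.h exposes `log_level` and `int *verbose` without saying what they mean, and the bit values that `*verbose` is tested against are private `#define`s in log.c, so a caller adding a new message class has to read log.c to configure it. A short comment on the struct, `/* log_level: syslog priority; verbose: points at the cfg verbose-* field, bit 1 = stderr, bit 2 = syslog */`, would make the header self-describing. It may also be worth noting on `print_message` that `str` is a printf format passed to vfprintf/vsyslog, so callers must pass a literal rather than untrusted text.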
@@ -783,10 +785,42 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { + { + /* name */ "verbose_config", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_config, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_config), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + + { + /* name */ "verbose_config_error", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_config_error, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_config_error), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 3 + }, + { /* name */ "verbose", /* type */ CFG_INT, @@ -798,7 +832,7 @@ static struct config_desc table_sslhcfg[] = { /* offset_present */ 0, /* size */ sizeof(int), /* array_type */ -1, - /* mandatory */ 0, + /* mandatory */ 1, /* optional */ 0, /* default_val*/ .default_val.def_int = 0 }, @@ -1123,7 +1157,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [13], + .base_entry = & table_sslhcfg [15], .targets = sslhcfg_listen_targets, @@ -1135,7 +1169,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_ssh_targets, @@ -1147,7 +1181,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_tls_targets, 
@@ -1159,7 +1193,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_openvpn_targets, @@ -1171,7 +1205,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_tinc_targets, @@ -1183,7 +1217,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_xmpp_targets, @@ -1195,7 +1229,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_http_targets, @@ -1207,7 +1241,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_adb_targets, @@ -1219,7 +1253,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_socks5_targets, @@ -1231,7 +1265,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_syslog_targets, 
@@ -1243,7 +1277,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [14], + .base_entry = & table_sslhcfg [16], .targets = sslhcfg_anyprot_targets, @@ -1908,6 +1942,8 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) #ifdef LIBCONFIG sslhcfg_conffile = arg_filen("F", "config", "", 0, 1, "Specify configuration file"), #endif + sslhcfg_verbose_config = arg_intn(NULL, "verbose-config", "", 0, 1, ""), + sslhcfg_verbose_config_error = arg_intn(NULL, "verbose-config-error", "", 0, 1, ""), sslhcfg_verbose = arg_intn("v", "verbose", "", 0, 1, ""), sslhcfg_version = arg_litn("V", "version", 0, 1, "Print version information and exit"), sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"), @@ -2076,6 +2112,12 @@ void sslhcfg_fprint( int depth) { int i; + indent(out, depth); + fprintf(out, "verbose_config: %d", sslhcfg->verbose_config); + fprintf(out, "\n"); + indent(out, depth); + fprintf(out, "verbose_config_error: %d", sslhcfg->verbose_config_error); + fprintf(out, "\n"); indent(out, depth); fprintf(out, "verbose: %d", sslhcfg->verbose); fprintf(out, "\n"); diff --git a/sslh-conf.h b/sslh-conf.h index 7e09ccc..1f900e1 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Tue Aug 24 13:53:04 2021. + * on Sat Sep 18 22:17:39 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -74,6 +74,8 @@ struct sslhcfg_protocols_item { }; struct sslhcfg_item { + int verbose_config; + int verbose_config_error; int verbose; int version; int foreground; diff --git a/sslh-main.c b/sslh-main.c index 1777c93..bb737f5 100644 --- a/sslh-main.c +++ b/sslh-main.c 
@@ -36,6 +36,7 @@ #include "common.h" #include "probe.h" +#include "log.h" /* Constants for options that have no one-character shorthand */ #define OPT_ONTIMEOUT 257 @@ -50,7 +51,7 @@ static void printcaps(void) { desc = cap_to_text(caps, &len); - fprintf(stderr, "capabilities: %s\n", desc); + print_message(msg_config, "capabilities: %s\n", desc); cap_free(caps); cap_free(desc); @@ -65,7 +66,7 @@ static void printsettings(void) for (i = 0; i < cfg.protocols_len; i++ ) { p = &cfg.protocols[i]; - fprintf(stderr, + print_message(msg_config, "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s] [%s] [%s]\n", p->name, sprintaddr(buf, sizeof(buf), p->saddr), @@ -78,7 +79,7 @@ static void printsettings(void) p->transparent ? "transparent" : "" ); } - fprintf(stderr, "timeout: %d\non-timeout: %s\n", cfg.timeout, + print_message(msg_config, "timeout: %d\non-timeout: %s\n", cfg.timeout, timeout_protocol()->name); } @@ -124,13 +125,13 @@ static void config_protocols() for (i = 0; i < cfg.protocols_len; i++) { struct sslhcfg_protocols_item* p = &(cfg.protocols[i]); if (resolve_split_name(&(p->saddr), p->host, p->port)) { - fprintf(stderr, "cannot resolve %s:%s\n", p->host, p->port); + print_message(msg_config_error, "cannot resolve %s:%s\n", p->host, p->port); exit(4); } p->probe = get_probe(p->name); if (!p->probe) { - fprintf(stderr, "%s: probe unknown\n", p->name); + print_message(msg_config_error, "%s: probe unknown\n", p->name); exit(1); } 
@@ -155,14 +156,14 @@ static void config_protocols() void config_sanity_check(struct sslhcfg_item* cfg) { if (!cfg->protocols_len) { - fprintf(stderr, "At least one target protocol must be specified.\n"); + print_message(msg_config_error, "At least one target protocol must be specified.\n"); exit(2); } /* If compiling with systemd socket support no need to require listen address */ #ifndef SYSTEMD if (!cfg->listen_len && !cfg->inetd) { - fprintf(stderr, "No listening address specified; use at least one -p option\n"); + print_message(msg_config_error, "No listening address specified; use at least one -p option\n"); exit(1); } #endif @@ -184,8 +185,6 @@ int main(int argc, char *argv[], char* envp[]) memset(&cfg, 0, sizeof(cfg)); res = sslhcfg_cl_parse(argc, argv, &cfg); if (res) exit(6); - if (cfg.verbose > 3) - sslhcfg_fprint(stderr, &cfg, 0); if (cfg.version) { printf("%s %s\n", server_type, VERSION); @@ -202,14 +201,13 @@ int main(int argc, char *argv[], char* envp[]) exit(0); } - if (cfg.verbose) - printsettings(); + printsettings(); num_addr_listen = start_listen_sockets(&listen_sockets); #ifdef SYSTEMD if (num_addr_listen < 1) { - fprintf(stderr, "No listening sockets found, restart sockets or specify addresses in config\n"); + print_message(msg_config_error, "No listening sockets found, restart sockets or specify addresses in config\n"); exit(1); } #endif @@ -235,8 +233,9 @@ int main(int argc, char *argv[], char* envp[]) if (cfg.user || cfg.chroot) drop_privileges(cfg.user, cfg.chroot); - if (cfg.verbose) - printcaps(); + printcaps(); + + print_message(msg_config, "%s %s started\n", server_type, VERSION); main_loop(listen_sockets, num_addr_listen); diff --git a/sslhconf.cfg b/sslhconf.cfg index ed5b588..bb4b830 100644 --- a/sslhconf.cfg +++ b/sslhconf.cfg 
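Review bot: The startup banner `print_message(msg_config, "%s %s started\n", server_type, VERSION);` added after printcaps() is now gated by `cfg.verbose_config`, whose generated default is 0, whereas the line it replaces (removed from setup_syslog in log.c) was an unconditional `log_message(LOG_INFO, ...)` to syslog; a default installation therefore no longer records that sslh started, which removes a useful marker for restart tracking and incident timelines. If the intent is to keep it in syslog by default, either keep it as `log_message(LOG_INFO, "%s %s started\n", server_type, VERSION);` or give it a message class whose default includes the syslog bit. The same hunk drops the `cfg.verbose > 3` dump of the parsed configuration without a replacement, which may be intentional but is not mentioned in the commit message.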
@@ -25,7 +25,10 @@ config: { name : "sslhcfg", type: "list", items: ( - { name: "verbose"; type: "int"; default: 0; short: "v"; }, + { name: "verbose-config"; type: "int"; default: 0; }, + { name: "verbose-config-error"; type: "int"; default: 3; }, + + { name: "verbose"; type: "int"; short: "v" }, # to delete { name: "version"; type: "bool"; default: false; short: "V"; description: "Print version information and exit"; }, diff --git a/test.cfg b/test.cfg index 7dd66ea..08b37df 100644 --- a/test.cfg +++ b/test.cfg @@ -11,6 +11,10 @@ pidfile: "/tmp/sslh_test.pid"; syslog_facility: "auth"; +# Logging configuration +# Value: 1: stdout; 2: syslog; 3: both +#verbose-config: 3; # config: print configuration at startup +#verbose-config-error: 3; #config-error: print configuration errors # List of interfaces on which we should listen # Options: From 098a55fd1d209aa513687b81f746717057495484 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sun, 19 Sep 2021 15:14:38 +0200 Subject: [PATCH 03/19] new logging system: now with message classes --- sslh-main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sslh-main.c b/sslh-main.c index bb737f5..99d6297 100644 --- a/sslh-main.c +++ b/sslh-main.c @@ -104,7 +104,7 @@ static void setup_regex_probe(struct sslhcfg_protocols_item *p) &error, &error_offset, NULL); if (!pattern_list[i]) { pcre2_get_error_message(error, err_str, sizeof(err_str)); - fprintf(stderr, "compiling pattern /%s/:%d:%s at offset %ld\n", + print_message(msg_config_error, "compiling pattern /%s/:%d:%s at offset %ld\n", p->regex_patterns[i], error, err_str, error_offset); exit(1); } From dbad46a358c37aeb3363ee628a8ad11ebb27b21b Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sun, 19 Sep 2021 15:19:37 +0200 Subject: [PATCH 04/19] remove obsolete debug code --- sslh-select.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/sslh-select.c b/sslh-select.c index e8d8ca2..a77d883 100644 --- a/sslh-select.c +++ b/sslh-select.c 
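Review bot: The rewritten entry `{ name: "verbose"; type: "int"; short: "v" }, # to delete` drops the `default: 0` that the old line carried, and the regenerated sslh-conf.c in the previous hunk shows the consequence: the `verbose` entry in table_sslhcfg now has `/* mandatory */ 1`, so a config file or command line that does not set verbose is presumably rejected where it was accepted before. Unless that is intended as a forcing function for the "to delete" migration, restore the default, `{ name: "verbose"; type: "int"; default: 0; short: "v" }, # to delete`, so existing deployments keep working until the option is actually removed.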
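Review bot: The new `print_message(msg_config_error, "compiling pattern /%s/:%d:%s at offset %ld\n", ...)` line keeps `%ld` for `error_offset`; if error_offset is the PCRE2_SIZE that pcre2_compile fills in, which is size_t by default, the conversion is mismatched and `%zu` is the correct specifier. The mismatch predates this commit, but the line is being rewritten here and this is a cheap place to fix it. setup_regex_probe's body starts and ends outside the hunk.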
@@ -38,8 +38,6 @@ #include "collection.h" #include "gap.h" -static int debug = 0; - const char* server_type = "sslh-select"; /* Global state for a select() loop */ @@ -347,8 +345,6 @@ int active_queue(struct connection* cnx, int fd) static void tcp_read_process(struct select_info* fd_info, int fd) { - if (debug) fprintf(stderr, "cnx_read_process fd %d\n", fd); - cnx_collection* collection = fd_info->collection; struct connection* cnx = collection_get_cnx_from_fd(collection, fd); /* Determine active queue (0 or 1): if fd is that of q[1], active_q = 1, @@ -403,8 +399,6 @@ static void cnx_read_process(struct select_info* fd_info, int fd) /* Process a connection that is active in write */ static void cnx_write_process(struct select_info* fd_info, int fd) { - if (debug) fprintf(stderr, "cnx_write_process fd %d\n", fd); - struct connection* cnx = collection_get_cnx_from_fd(fd_info->collection, fd); int res; int queue = active_queue(cnx, fd); @@ -433,8 +427,6 @@ void cnx_accept_process(struct select_info* fd_info, struct listen_endpoint* lis struct connection* cnx; int new_fd; - if (debug) fprintf(stderr, "cnx_accept_process fd %d\n", fd); - switch (type) { case SOCK_STREAM: cnx = accept_new_connection(fd, fd_info->collection); From f7b6f669a472407be2e6dcc085621c46c12e3329 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sun, 19 Sep 2021 20:24:46 +0200 Subject: [PATCH 05/19] sslh-select to use new log system --- log.c | 19 ++++++++- log.h | 5 +++ sslh-conf.c | 110 ++++++++++++++++++++++++++++++++++++++++++++------ sslh-conf.h | 6 ++- sslh-select.c | 48 +++++++++------------- sslhconf.cfg | 5 +++ test.cfg | 6 +++ 7 files changed, 156 insertions(+), 43 deletions(-) diff --git a/log.c b/log.c index 11aed81..4c01fcb 100644 --- a/log.c +++ b/log.c 
@@ -34,12 +34,29 @@ msg_info msg_config = { &cfg.verbose_config }; - msg_info msg_config_error = { LOG_ERR, &cfg.verbose_config_error }; +msg_info msg_fd = { + LOG_DEBUG, + &cfg.verbose_fd +}; + +/* Internal errors: inconsistent states, impossible values, things that should never happen, and are therefore the sign of memory corruption: hence the LOG_CRIT */ +msg_info msg_int_error = { + LOG_CRIT, + &cfg.verbose_system_error +}; + +/* System errors: when the system around us fails us: memory allocation, fork, ... */ +msg_info msg_system_error = { + LOG_ERR, + &cfg.verbose_system_error +}; + + /* Bitmasks in verbose-* values */ #define MSG_STDOUT 1 diff --git a/log.h b/log.h index 70a76bc..e99b77b 100644 --- a/log.h +++ b/log.h @@ -16,4 +16,9 @@ void print_message(msg_info info, const char* str, ...); extern msg_info msg_config; extern msg_info msg_config_error; +extern msg_info msg_fd; + +extern msg_info msg_int_error; +extern msg_info msg_system_error; + #endif /* LOG_H */ diff --git a/sslh-conf.c b/sslh-conf.c index e16dde9..6d8eb46 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sat Sep 18 22:17:39 2021. + * on Sun Sep 19 20:20:24 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -445,6 +445,10 @@ struct compound_cl_arg { struct arg_file* sslhcfg_conffile; struct arg_int* sslhcfg_verbose_config; struct arg_int* sslhcfg_verbose_config_error; + struct arg_int* sslhcfg_verbose_connections; + struct arg_int* sslhcfg_verbose_fd; + struct arg_int* sslhcfg_verbose_system_error; + struct arg_int* sslhcfg_verbose_int_error; struct arg_int* sslhcfg_verbose; struct arg_lit* sslhcfg_version; struct arg_lit* sslhcfg_foreground; @@ -785,7 +789,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { 
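Review bot: `msg_int_error` is initialised with `&cfg.verbose_system_error`, the same field `msg_system_error` points at, while the regenerated sslh-conf.h and table_sslhcfg in this same patch add a distinct `verbose_int_error` field with its own `verbose-int-error` option; as written, that option is parsed but never consulted, and the internal-error class cannot be tuned independently of system errors. The fix is the one-line change `&cfg.verbose_int_error` in the msg_int_error initialiser. Given the comment on msg_int_error says these messages indicate possible memory corruption, it is worth double-checking that the default for verbose_int_error (3 in the generated table) still reaches syslog after the change.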
@@ -821,6 +825,70 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_int = 3 }, + { + /* name */ "verbose_connections", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_connections, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_connections), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + + { + /* name */ "verbose_fd", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_fd, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_fd), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + + { + /* name */ "verbose_system_error", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_system_error, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_system_error), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 3 + }, + + { + /* name */ "verbose_int_error", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_int_error, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_int_error), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 3 + }, + { /* name */ "verbose", /* type */ CFG_INT, 
@@ -1157,7 +1225,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [15], + .base_entry = & table_sslhcfg [19], .targets = sslhcfg_listen_targets, @@ -1169,7 +1237,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_ssh_targets, @@ -1181,7 +1249,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_tls_targets, @@ -1193,7 +1261,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_openvpn_targets, @@ -1205,7 +1273,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_tinc_targets, @@ -1217,7 +1285,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_xmpp_targets, @@ -1229,7 +1297,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_http_targets, 
@@ -1241,7 +1309,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_adb_targets, @@ -1253,7 +1321,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_socks5_targets, @@ -1265,7 +1333,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_syslog_targets, @@ -1277,7 +1345,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [16], + .base_entry = & table_sslhcfg [20], .targets = sslhcfg_anyprot_targets, @@ -1944,6 +2012,10 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) #endif sslhcfg_verbose_config = arg_intn(NULL, "verbose-config", "", 0, 1, ""), sslhcfg_verbose_config_error = arg_intn(NULL, "verbose-config-error", "", 0, 1, ""), + sslhcfg_verbose_connections = arg_intn(NULL, "verbose-connections", "", 0, 1, ""), + sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, ""), + sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "", 0, 1, ""), + sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "", 0, 1, ""), sslhcfg_verbose = arg_intn("v", "verbose", "", 0, 1, ""), sslhcfg_version = arg_litn("V", "version", 0, 1, "Print version information and exit"), sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"), 
@@ -2119,6 +2191,18 @@ void sslhcfg_fprint( fprintf(out, "verbose_config_error: %d", sslhcfg->verbose_config_error); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "verbose_connections: %d", sslhcfg->verbose_connections); + fprintf(out, "\n"); + indent(out, depth); + fprintf(out, "verbose_fd: %d", sslhcfg->verbose_fd); + fprintf(out, "\n"); + indent(out, depth); + fprintf(out, "verbose_system_error: %d", sslhcfg->verbose_system_error); + fprintf(out, "\n"); + indent(out, depth); + fprintf(out, "verbose_int_error: %d", sslhcfg->verbose_int_error); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "verbose: %d", sslhcfg->verbose); fprintf(out, "\n"); indent(out, depth); diff --git a/sslh-conf.h b/sslh-conf.h index 1f900e1..81ef678 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sat Sep 18 22:17:39 2021. + * on Sun Sep 19 20:20:24 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -76,6 +76,10 @@ struct sslhcfg_protocols_item { struct sslhcfg_item { int verbose_config; int verbose_config_error; + int verbose_connections; + int verbose_fd; + int verbose_system_error; + int verbose_int_error; int verbose; int version; int foreground; diff --git a/sslh-select.c b/sslh-select.c index a77d883..65fbadf 100644 --- a/sslh-select.c +++ b/sslh-select.c @@ -37,6 +37,7 @@ #include "udp-listener.h" #include "collection.h" #include "gap.h" +#include "log.h" const char* server_type = "sslh-select"; @@ -65,8 +66,7 @@ static int tidy_connection(struct connection *cnx, struct select_info* fd_info) for (i = 0; i < 2; i++) { if (cnx->q[i].fd != -1) { - if (cfg.verbose) - fprintf(stderr, "closing fd %d\n", cnx->q[i].fd); + print_message(msg_fd, "closing fd %d\n", cnx->q[i].fd); FD_CLR(cnx->q[i].fd, fds); FD_CLR(cnx->q[i].fd, fds2); 
@@ -97,7 +97,7 @@ static struct connection* accept_new_connection(int listen_socket, struct cnx_co int in_socket, res; - if (cfg.verbose) fprintf(stderr, "accepting from %d\n", listen_socket); + print_message(msg_fd, "accepting from %d\n", listen_socket); in_socket = accept(listen_socket, 0, 0); CHECK_RES_RETURN(in_socket, "accept", NULL); @@ -156,8 +156,7 @@ static void shovel(struct connection *cnx, int active_fd, struct select_info* fd read_q = &cnx->q[active_fd]; write_q = &cnx->q[1-active_fd]; - if (cfg.verbose) - fprintf(stderr, "activity on fd%d\n", read_q->fd); + print_message(msg_fd, "activity on fd%d\n", read_q->fd); switch(fd2fd(write_q, read_q)) { case -1: @@ -210,16 +209,14 @@ static void shovel_single(struct connection *cnx) if (FD_ISSET(cnx->q[i].fd, &fds_w)) { res = flush_deferred(&cnx->q[i]); if ((res == -1) && ((errno == EPIPE) || (errno == ECONNRESET))) { - if (cfg.verbose) - fprintf(stderr, "%s socket closed\n", i ? "server" : "client"); + print_message(msg_fd, "%s socket closed\n", i ? "server" : "client"); return; } } if (FD_ISSET(cnx->q[i].fd, &fds_r)) { res = fd2fd(&cnx->q[1-i], &cnx->q[i]); if (!res) { - if (cfg.verbose) - fprintf(stderr, "socket closed\n"); + print_message(msg_fd, "socket closed\n"); return; } } @@ -256,8 +253,7 @@ static void connect_proxy(struct connection *cnx) close(in_socket); close(out_socket); - if (cfg.verbose) - fprintf(stderr, "connection closed down\n"); + print_message(msg_fd, "connection closed down\n"); exit(0); } @@ -315,7 +311,7 @@ static void probing_read_process(struct connection* cnx, /* free(cnx); */ connect_proxy(cnx); exit(0); - case -1: log_message(LOG_ERR, "fork failed: err %d: %s\n", errno, strerror(errno)); + case -1: print_message(msg_system_error, "fork failed: err %d: %s\n", errno, strerror(errno)); break; default: /* parent */ break; 
@@ -337,7 +333,7 @@ int active_queue(struct connection* cnx, int fd) if (cnx->q[0].fd == fd) return 0; if (cnx->q[1].fd == fd) return 1; - log_message(LOG_ERR, "file descriptor %d not found in connection object\n", fd); + print_message(msg_int_error, "file descriptor %d not found in connection object\n", fd); return -1; } @@ -355,7 +351,7 @@ static void tcp_read_process(struct select_info* fd_info, case ST_PROBING: if (active_q == 1) { - fprintf(stderr, "Activity on fd2 while probing, impossible\n"); + print_message(msg_int_error, "Activity on fd2 while probing, impossible\n"); dump_connection(cnx); exit(1); } @@ -369,7 +365,7 @@ static void tcp_read_process(struct select_info* fd_info, break; default: /* illegal */ - log_message(LOG_ERR, "Illegal connection state %d\n", cnx->state); + print_message(msg_int_error, "Illegal connection state %d\n", cnx->state); dump_connection(cnx); exit(1); } @@ -389,11 +385,10 @@ static void cnx_read_process(struct select_info* fd_info, int fd) break; default: - log_message(LOG_ERR, "cnx_read_process: Illegal connection type %d\n", cnx->type); + print_message(msg_int_error, "cnx_read_process: Illegal connection type %d\n", cnx->type); dump_connection(cnx); exit(1); } - } /* Process a connection that is active in write */ @@ -439,13 +434,13 @@ void cnx_accept_process(struct select_info* fd_info, struct listen_endpoint* lis case SOCK_DGRAM: new_fd = udp_c2s_forward(fd, fd_info->collection, fd_info->max_fd); - fprintf(stderr, "new_fd %d\n", new_fd); + print_message(msg_fd, "new_fd %d\n", new_fd); if (new_fd == -1) return; break; default: - log_message(LOG_ERR, "Inconsistent cnx type: %d\n", type); + print_message(msg_int_error, "Inconsistent cnx type: %d\n", type); exit(1); return; } 
@@ -478,8 +473,7 @@ static void udp_timeouts(struct select_info* fd_info) time_t timeout = udp_timeout(cnx); if (!timeout) continue; /* Not a UDP connection */ if (cnx && (timeout <= now)) { - if (cfg.verbose > 3) - fprintf(stderr, "timed out UDP %d\n", cnx->target_sock); + print_message(msg_fd, "timed out UDP %d\n", cnx->target_sock); close(cnx->target_sock); FD_CLR(i, &fd_info->fds_r); FD_CLR(i, &fd_info->fds_w); @@ -537,8 +531,7 @@ void main_loop(struct listen_endpoint listen_sockets[], int num_addr_listen) memcpy(&readfds, &fd_info.fds_r, sizeof(readfds)); memcpy(&writefds, &fd_info.fds_w, sizeof(writefds)); - if (cfg.verbose) - fprintf(stderr, "selecting... max_fd=%d num_probing=%d\n", + print_message(msg_fd, "selecting... max_fd=%d num_probing=%d\n", fd_info.max_fd, fd_info.num_probing); res = select(fd_info.max_fd, &readfds, &writefds, NULL, fd_info.num_probing ? &tv : NULL); @@ -570,14 +563,13 @@ void main_loop(struct listen_endpoint listen_sockets[], int num_addr_listen) for (i = 0; i < fd_info.num_probing; i++) { struct connection* cnx = gap_get(fd_info.probing_list, i); if (!cnx || cnx->state != ST_PROBING) { - log_message(LOG_ERR, "Inconsistent probing: cnx=%0xp\n", cnx); + print_message(msg_int_error, "Inconsistent probing: cnx=%0xp\n", cnx); if (cnx) - log_message(LOG_ERR, "Inconsistent probing: state=%d\n", cnx); + print_message(msg_int_error, "Inconsistent probing: state=%d\n", cnx); exit(1); } if (cnx->probe_timeout < time(NULL)) { - if (cfg.verbose) - fprintf(stderr, "timeout slot %d\n", i); + print_message(msg_fd, "timeout slot %d\n", i); probing_read_process(cnx, &fd_info); } } @@ -596,7 +588,7 @@ void main_loop(struct listen_endpoint listen_sockets[], int num_addr_listen) void start_shoveler(int listen_socket) { - fprintf(stderr, "inetd mode is not supported in select mode\n"); + print_message(msg_config_error, "inetd mode is not supported in select mode\n"); exit(1); } diff --git a/sslhconf.cfg b/sslhconf.cfg index bb4b830..6a9a0fa 100644 
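Review bot: The two `print_message(msg_int_error, ...)` calls in the `Inconsistent probing` branch of main_loop still pass arguments that do not match their conversions: `%0xp` is not a pointer conversion, and the second call formats the `cnx` pointer with `%d` while its text says `state=`. Assuming print_message hands the format on to vfprintf/vsyslog, that is undefined behaviour and the logged values are meaningless. Suggested: `print_message(msg_int_error, "Inconsistent probing: cnx=%p\n", (void *)cnx);` and `print_message(msg_int_error, "Inconsistent probing: state=%d\n", cnx->state);`. The mismatch predates this commit, but the lines were rewritten here, so this is the moment to fix it.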
--- a/sslhconf.cfg +++ b/sslhconf.cfg @@ -27,6 +27,11 @@ config: { items: ( { name: "verbose-config"; type: "int"; default: 0; }, { name: "verbose-config-error"; type: "int"; default: 3; }, + { name: "verbose-connections"; type: "int"; default: 0; }, + { name: "verbose-fd"; type: "int"; default: 0; }, + + { name: "verbose-system-error"; type: "int"; default: 3; }, + { name: "verbose-int-error"; type: "int"; default: 3; }, { name: "verbose"; type: "int"; short: "v" }, # to delete { name: "version"; type: "bool"; default: false; diff --git a/test.cfg b/test.cfg index 08b37df..5f31027 100644 --- a/test.cfg +++ b/test.cfg @@ -13,8 +13,14 @@ syslog_facility: "auth"; # Logging configuration # Value: 1: stdout; 2: syslog; 3: both +# Defaults should be sensible. Generally, you want *-error +# to be always enabled, to know if something is going wrong. #verbose-config: 3; # config: print configuration at startup #verbose-config-error: 3; #config-error: print configuration errors +#verbose-connections: 3; #config-connections: track connections +#verbose-fd: 3; # file descriptor activity, open/close/whatnot +#verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing +#verbose-int-error: 3; # internal errors, the kind that should never happen # List of interfaces on which we should listen # Options: From 673c40954e368b3ca5e479aa5962f81fe643118b Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sun, 19 Sep 2021 20:29:43 +0200 Subject: [PATCH 06/19] migrate sslh-fork to new log system --- sslh-fork.c | 17 ++++++++--------- sslh-select.c | 7 ++----- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/sslh-fork.c b/sslh-fork.c index 128c144..4ad699e 100644 --- a/sslh-fork.c +++ b/sslh-fork.c @@ -24,6 +24,7 @@ #include "probe.h" #include "sslh-conf.h" #include "udp-listener.h" +#include "log.h" #ifdef LIBBSD #include 
@@ -58,8 +59,7 @@ int shovel(struct connection *cnx) if (FD_ISSET(cnx->q[i].fd, &fds)) { res = fd2fd(&cnx->q[1-i], &cnx->q[i]); if (res == FD_CNXCLOSED) { - if (cfg.verbose) - fprintf(stderr, "%s %s", i ? "client" : "server", "socket closed\n"); + print_message(msg_fd, "%s %s", i ? "client" : "server", "socket closed\n"); return res; } } @@ -100,7 +100,7 @@ void start_shoveler(int in_socket) /* Timed out: it's necessarily SSH */ cnx.proto = timeout_protocol(); if (cfg.verbose) - log_message(LOG_INFO, "timed out, connect to %s\n", cnx.proto->name); + print_message(msg_fd, "timed out, connect to %s\n", cnx.proto->name); break; } } @@ -129,8 +129,7 @@ void start_shoveler(int in_socket) close(in_socket); close(out_socket); - if (cfg.verbose) - fprintf(stderr, "connection closed down\n"); + print_message(msg_fd, "connection closed down\n"); exit(0); } @@ -179,10 +178,10 @@ void tcp_listener(struct listen_endpoint* endpoint, int num_endpoints, int activ while (1) { in_socket = accept(endpoint[active_endpoint].socketfd, 0, 0); - if (cfg.verbose) fprintf(stderr, "accepted fd %d\n", in_socket); + print_message(msg_fd, "accepted fd %d\n", in_socket); switch(fork()) { - case -1: log_message(LOG_ERR, "fork failed: err %d: %s\n", errno, strerror(errno)); + case -1: print_message(msg_system_error, "fork failed: err %d: %s\n", errno, strerror(errno)); break; case 0: /* In child process */ 
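Review bot: The `if (cfg.verbose)` guard above the new `print_message(msg_fd, "timed out, connect to %s\n", cnx.proto->name);` in start_shoveler is kept, whereas every other conversion in this commit (including the matching probing_read_process change in sslh-select.c in the same patch) drops it and lets the `verbose_fd` bitmask decide. With the guard in place, enabling `verbose-fd` alone will not show the timeout message, and `verbose` is already marked `# to delete` in sslhconf.cfg. Remove the guard line so the call reads like the others. The enclosing loop of start_shoveler continues outside the hunk.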
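Review bot: In tcp_listener the new `print_message(msg_fd, "accepted fd %d\n", in_socket);` reports the accept() result before it is checked, and the `switch(fork())` that follows runs regardless, so a failed accept logs `accepted fd -1` and still forks a child. If nothing outside the hunk rejects `in_socket == -1` (the rest of the loop body is not visible here), a `if (in_socket == -1) { print_message(msg_system_error, "accept: %s\n", strerror(errno)); continue; }` before the log line would keep the fd log honest and avoid spawning a child for a bad descriptor.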
@@ -214,13 +213,13 @@ void main_loop(struct listen_endpoint listen_sockets[], int num_addr_listen) listener_pid[i] = fork(); switch(listener_pid[i]) { /* Log if fork() fails for some reason */ - case -1: log_message(LOG_ERR, "fork failed: err %d: %s\n", errno, strerror(errno)); + case -1: print_message(msg_system_error, "fork failed: err %d: %s\n", errno, strerror(errno)); break; /* We're in the child, we have work to do */ case 0: set_listen_procname(&listen_sockets[i]); if (listen_sockets[i].type == SOCK_DGRAM) - log_message(LOG_ERR, "UDP not (yet?) supported in sslh-fork\n"); + print_message(msg_config_error, "UDP not (yet?) supported in sslh-fork\n"); else tcp_listener(listen_sockets, num_addr_listen, i); break; diff --git a/sslh-select.c b/sslh-select.c index 65fbadf..a5cc45b 100644 --- a/sslh-select.c +++ b/sslh-select.c @@ -83,7 +83,7 @@ static int tidy_connection(struct connection *cnx, struct select_info* fd_info) * and FD_CLR. Need to drop connections if we go above that limit */ static int fd_is_in_range(int fd) { if (fd >= FD_SETSIZE) { - log_message(LOG_ERR, "too many open file descriptor to monitor them all -- dropping connection\n"); + print_message(msg_system_error, "too many open file descriptor to monitor them all -- dropping connection\n"); return 0; } return 1; @@ -286,10 +286,7 @@ static void probing_read_process(struct connection* cnx, * data so probe the protocol */ if ((cnx->probe_timeout < time(NULL))) { cnx->proto = timeout_protocol(); - if (cfg.verbose) - log_message(LOG_INFO, - "timed out, connect to %s\n", - cnx->proto->name); + print_message(msg_fd, "timed out, connect to %s\n", cnx->proto->name); } else { res = probe_client_protocol(cnx); if (res == PROBE_AGAIN) From e5f16b93ce9686e54c65c0955bbab6e74becf318 Mon Sep 17 00:00:00 2001 
From: yrutschle Date: Sun, 19 Sep 2021 21:54:47 +0200 Subject: [PATCH 07/19] hexdump writes to parametrable msg_info --- common.c | 10 ++++---- echosrv-conf.c | 2 +- echosrv-conf.h | 2 +- log.c | 7 +++++ log.h | 1 + probe.c | 28 ++++++++++++-------- probe.h | 3 ++- sslh-conf.c | 70 ++++++++++++++++++++++++++++++++++++++++---------- sslh-conf.h | 4 ++- sslhconf.cfg | 4 ++- test.cfg | 1 + 11 files changed, 97 insertions(+), 35 deletions(-) diff --git a/common.c b/common.c index 9274d19..131a10b 100644 --- a/common.c +++ b/common.c @@ -427,11 +427,11 @@ void init_cnx(struct connection *cnx) void dump_connection(struct connection *cnx) { - printf("state: %d\n", cnx->state); - printf("0: fd %d, %d deferred\n", cnx->q[0].fd, cnx->q[0].deferred_data_size); - hexdump(cnx->q[0].deferred_data, cnx->q[0].deferred_data_size); - printf("1: fd %d, %d deferred\n", cnx->q[1].fd, cnx->q[1].deferred_data_size); - hexdump(cnx->q[1].deferred_data, cnx->q[1].deferred_data_size); + print_message(msg_int_error, "state: %d\n", cnx->state); + print_message(msg_int_error, "0: fd %d, %d deferred\n", cnx->q[0].fd, cnx->q[0].deferred_data_size); + hexdump(msg_int_error, cnx->q[0].deferred_data, cnx->q[0].deferred_data_size); + print_message(msg_int_error, "1: fd %d, %d deferred\n", cnx->q[1].fd, cnx->q[1].deferred_data_size); + hexdump(msg_int_error, cnx->q[1].deferred_data, cnx->q[1].deferred_data_size); } diff --git a/echosrv-conf.c b/echosrv-conf.c index a5d1a71..581c61e 100644 --- a/echosrv-conf.c +++ b/echosrv-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sat Sep 18 17:28:37 2021. + * on Sun Sep 19 21:54:08 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle diff --git a/echosrv-conf.h b/echosrv-conf.h index 0218d99..cfc9cc8 100644 --- a/echosrv-conf.h +++ b/echosrv-conf.h 
@@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sat Sep 18 17:28:37 2021. + * on Sun Sep 19 21:54:08 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle diff --git a/log.c b/log.c index 4c01fcb..eb89515 100644 --- a/log.c +++ b/log.c @@ -57,6 +57,13 @@ msg_info msg_system_error = { }; +msg_info msg_packets = { + LOG_INFO, + &cfg.verbose_packets +}; + + + /* Bitmasks in verbose-* values */ #define MSG_STDOUT 1 diff --git a/log.h b/log.h index e99b77b..563d217 100644 --- a/log.h +++ b/log.h @@ -17,6 +17,7 @@ extern msg_info msg_config; extern msg_info msg_config_error; extern msg_info msg_fd; +extern msg_info msg_packets; extern msg_info msg_int_error; extern msg_info msg_system_error; diff --git a/probe.c b/probe.c index f3d4529..657842e 100644 --- a/probe.c +++ b/probe.c @@ -1,7 +1,7 @@ /* # probe.c: Code for probing protocols # -# Copyright (C) 2007-2019 Yves Rutschle +# Copyright (C) 2007-2021 Yves Rutschle # # This program is free software; you can redistribute it # and/or modify it under the terms of the GNU General Public @@ -27,6 +27,7 @@ #endif #include #include "probe.h" +#include "log.h" 
@@ -81,33 +82,38 @@ struct sslhcfg_protocols_item* timeout_protocol(void) /* From http://grapsus.net/blog/post/Hexadecimal-dump-in-C */ #define HEXDUMP_COLS 16 -void hexdump(const char *mem, unsigned int len) +void hexdump(msg_info msg_info, const char *mem, unsigned int len) { unsigned int i, j; + char str[10 + HEXDUMP_COLS * 4 + 2]; + int c = 0; /* index in str */ for(i = 0; i < len + ((len % HEXDUMP_COLS) ? (HEXDUMP_COLS - len % HEXDUMP_COLS) : 0); i++) { /* print offset */ if(i % HEXDUMP_COLS == 0) - fprintf(stderr, "0x%06x: ", i); + c += sprintf(&str[c], "0x%06x: ", i); /* print hex data */ if(i < len) - fprintf(stderr, "%02x ", 0xFF & mem[i]); + c += sprintf(&str[c], "%02x ", 0xFF & mem[i]); else /* end of block, just aligning for ASCII dump */ - fprintf(stderr, " "); + c+= sprintf(&str[c], " "); /* print ASCII dump */ if(i % HEXDUMP_COLS == (HEXDUMP_COLS - 1)) { for(j = i - (HEXDUMP_COLS - 1); j <= i; j++) { if(j >= len) /* end of block, not really printing */ - fputc(' ', stderr); + str[c++] = ' '; else if(isprint(mem[j])) /* printable char */ - fputc(0xFF & mem[j], stderr); + str[c++] = 0xFF & mem[j]; else /* other char */ - fputc('.', stderr); + str[c++] = '.'; } - fputc('\n', stderr); + str[c++] = '\n'; + str[c++] = 0; + print_message(msg_info, str); + c = 0; } } } @@ -345,8 +351,8 @@ int probe_buffer(char* buf, int len, struct sslhcfg_protocols_item** proto) int i, res, again = 0; if (cfg.verbose > 1) { - fprintf(stderr, "hexdump of incoming packet:\n"); - hexdump(buf, len); + print_message(msg_packets, "hexdump of incoming packet:\n"); + hexdump(msg_packets, buf, len); } *proto = NULL; diff --git a/probe.h b/probe.h index ecc972f..01248fc 100644 --- a/probe.h +++ b/probe.h @@ -5,6 +5,7 @@ #include "common.h" #include "tls.h" +#include "log.h" typedef enum { PROBE_NEXT, /* Enough data, probe failed -- it's some other protocol */ 
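Review bot: `print_message(msg_info, str);` at the end of each hexdump row passes the assembled row as the format string, and the ASCII column copies every `isprint()` byte of `mem` verbatim, so a `%` in the dumped data is interpreted as a conversion by whatever vfprintf/vsyslog print_message ends up calling; since probe_buffer feeds hexdump the bytes read from the client socket, the call must be `print_message(msg_info, "%s", str);`. Two smaller points in the same loop: `isprint(mem[j])` is applied to a plain `char`, which is undefined for negative values, so use `isprint((unsigned char)mem[j])`; and `str[10 + HEXDUMP_COLS * 4 + 2]` is filled with unbounded `sprintf`, sized to fit only while the `%06x` offset stays within six digits, which `snprintf(&str[c], sizeof str - c, ...)` would make explicit. Naming the parameter `msg_info` after its own type also hides the typedef for the rest of the function body; a name such as `mi` would read better.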
@@ -59,6 +60,6 @@ void set_ontimeout(const char* name); */ struct sslhcfg_protocols_item* timeout_protocol(void); -void hexdump(const char*, unsigned int); +void hexdump(msg_info, const char*, unsigned int); #endif diff --git a/sslh-conf.c b/sslh-conf.c index 6d8eb46..1abebb6 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 19 20:20:24 2021. + * on Sun Sep 19 21:54:06 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -446,7 +446,9 @@ struct arg_file* sslhcfg_conffile; struct arg_int* sslhcfg_verbose_config; struct arg_int* sslhcfg_verbose_config_error; struct arg_int* sslhcfg_verbose_connections; + struct arg_int* sslhcfg_verbose_connections_error; struct arg_int* sslhcfg_verbose_fd; + struct arg_int* sslhcfg_verbose_packets; struct arg_int* sslhcfg_verbose_system_error; struct arg_int* sslhcfg_verbose_int_error; struct arg_int* sslhcfg_verbose; @@ -789,7 +791,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { @@ -838,7 +840,23 @@ static struct config_desc table_sslhcfg[] = { /* array_type */ -1, /* mandatory */ 0, /* optional */ 0, - /* default_val*/ .default_val.def_int = 0 + /* default_val*/ .default_val.def_int = 3 + }, + + { + /* name */ "verbose_connections_error", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_connections_error, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_connections_error), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 3 }, { 
@@ -857,6 +875,22 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_int = 0 }, + { + /* name */ "verbose_packets", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_packets, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_packets), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + { /* name */ "verbose_system_error", /* type */ CFG_INT, @@ -1225,7 +1259,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [19], + .base_entry = & table_sslhcfg [21], .targets = sslhcfg_listen_targets, @@ -1237,7 +1271,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_ssh_targets, @@ -1249,7 +1283,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_tls_targets, @@ -1261,7 +1295,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_openvpn_targets, @@ -1273,7 +1307,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_tinc_targets, 
@@ -1285,7 +1319,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_xmpp_targets, @@ -1297,7 +1331,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_http_targets, @@ -1309,7 +1343,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_adb_targets, @@ -1321,7 +1355,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_socks5_targets, @@ -1333,7 +1367,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_syslog_targets, @@ -1345,7 +1379,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [20], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_anyprot_targets, 
@@ -2013,7 +2047,9 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) sslhcfg_verbose_config = arg_intn(NULL, "verbose-config", "", 0, 1, ""), sslhcfg_verbose_config_error = arg_intn(NULL, "verbose-config-error", "", 0, 1, ""), sslhcfg_verbose_connections = arg_intn(NULL, "verbose-connections", "", 0, 1, ""), + sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, ""), sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, ""), + sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "", 0, 1, ""), sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "", 0, 1, ""), sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "", 0, 1, ""), sslhcfg_verbose = arg_intn("v", "verbose", "", 0, 1, ""), @@ -2194,9 +2230,15 @@ void sslhcfg_fprint( fprintf(out, "verbose_connections: %d", sslhcfg->verbose_connections); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "verbose_connections_error: %d", sslhcfg->verbose_connections_error); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "verbose_fd: %d", sslhcfg->verbose_fd); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "verbose_packets: %d", sslhcfg->verbose_packets); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "verbose_system_error: %d", sslhcfg->verbose_system_error); fprintf(out, "\n"); indent(out, depth); diff --git a/sslh-conf.h b/sslh-conf.h index 81ef678..f51ae62 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 19 20:20:24 2021. + * on Sun Sep 19 21:54:06 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle 
@@ -77,7 +77,9 @@ struct sslhcfg_item { int verbose_config; int verbose_config_error; int verbose_connections; + int verbose_connections_error; int verbose_fd; + int verbose_packets; int verbose_system_error; int verbose_int_error; int verbose; diff --git a/sslhconf.cfg b/sslhconf.cfg index 6a9a0fa..8e89324 100644 --- a/sslhconf.cfg +++ b/sslhconf.cfg @@ -27,8 +27,10 @@ config: { items: ( { name: "verbose-config"; type: "int"; default: 0; }, { name: "verbose-config-error"; type: "int"; default: 3; }, - { name: "verbose-connections"; type: "int"; default: 0; }, + { name: "verbose-connections"; type: "int"; default: 3; }, + { name: "verbose-connections-error"; type: "int"; default: 3; }, { name: "verbose-fd"; type: "int"; default: 0; }, + { name: "verbose-packets"; type: "int"; default: 0; }, { name: "verbose-system-error"; type: "int"; default: 3; }, { name: "verbose-int-error"; type: "int"; default: 3; }, diff --git a/test.cfg b/test.cfg index 5f31027..8a83312 100644 --- a/test.cfg +++ b/test.cfg @@ -19,6 +19,7 @@ syslog_facility: "auth"; #verbose-config-error: 3; #config-error: print configuration errors #verbose-connections: 3; #config-connections: track connections #verbose-fd: 3; # file descriptor activity, open/close/whatnot +verbose-packets: 3; # hexdump packets on which probing is done #verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing #verbose-int-error: 3; # internal errors, the kind that should never happen From e6cbbe9511eecfd78e01ab1357d0e5e6d957ff9d Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sun, 26 Sep 2021 15:53:21 +0200 Subject: [PATCH 08/19] migrate common.c to new logging system --- common.c | 29 +++++++++++------------------ log.c | 19 ++++++++++++++++++- log.h | 4 ++++ sslh-conf.c | 47 ++++++++++++++++++++++++++++++++++------------- sslh-conf.h | 3 ++- sslhconf.cfg | 1 + test.cfg | 3 +++ 7 files changed, 73 insertions(+), 33 deletions(-) diff --git a/common.c b/common.c index 131a10b..dece661 100644 --- a/common.c 
+++ b/common.c @@ -323,15 +323,14 @@ int connect_addr(struct connection *cnx, int fd_from, connect_blocking blocking) /* When transparent, make sure both connections use the same address family */ if (transparent && a->ai_family != from.ai_addr->sa_family) continue; - if (cfg.verbose) - fprintf(stderr, "connecting to %s family %d len %d\n", + print_message(msg_connections_try, "trying to connect to %s family %d len %d\n", sprintaddr(buf, sizeof(buf), a), a->ai_addr->sa_family, a->ai_addrlen); /* XXX Needs to match ai_family from fd_from when being transparent! */ fd = socket(a->ai_family, SOCK_STREAM, 0); if (fd == -1) { - log_message(LOG_ERR, "forward to %s failed:socket: %s\n", + print_message(msg_connections_error, "forward to %s failed:socket: %s\n", cnx->proto->name, strerror(errno)); } else { one = 1; @@ -351,7 +350,7 @@ int connect_addr(struct connection *cnx, int fd_from, connect_blocking blocking) /* EINPROGRESS indicates it might take time. If it eventually * fails, it'll be caught as a failed read */ if ((res == -1) && (errno != EINPROGRESS)) { - log_message(LOG_ERR, "forward to %s failed:connect: %s\n", + print_message(msg_connections_error, "forward to %s failed:connect: %s\n", cnx->proto->name, strerror(errno)); close(fd); continue; /* Try the next address */ @@ -371,9 +370,8 @@ int defer_write(struct queue *q, void* data, int data_size) { char *p; ptrdiff_t data_offset = q->deferred_data - q->begin_deferred_data; - if (cfg.verbose) - fprintf(stderr, "**** writing deferred on fd %d\n", q->fd); + print_message(msg_fd, "writing deferred on fd %d\n", q->fd); p = realloc(q->begin_deferred_data, data_offset + q->deferred_data_size + data_size); CHECK_ALLOC(p, "realloc"); @@ -394,8 +392,7 @@ int flush_deferred(struct queue *q) { int n; - if (cfg.verbose) - fprintf(stderr, "flushing deferred data to fd %d\n", q->fd); + print_message(msg_fd, "flushing deferred data to fd %d\n", q->fd); n = write(q->fd, q->deferred_data, q->deferred_data_size); if (n == -1) 
@@ -570,7 +567,7 @@ void resolve_name(struct addrinfo **out, char* fullname) /* Find port */ char *sep = strrchr(fullname, ':'); if (!sep) { /* No separator: parameter is just a port */ - fprintf(stderr, "%s: names must be fully specified as hostname:port\n", fullname); + print_message(msg_config_error, "%s: names must be fully specified as hostname:port\n", fullname); exit(1); } serv = sep+1; @@ -580,9 +577,9 @@ void resolve_name(struct addrinfo **out, char* fullname) res = resolve_split_name(out, host, serv); if (res) { - fprintf(stderr, "%s `%s'\n", gai_strerror(res), fullname); + print_message(msg_config_error, "%s `%s'\n", gai_strerror(res), fullname); if (res == EAI_SERVICE) - fprintf(stderr, "(Check you have specified all ports)\n"); + print_message(msg_config_error, "(Check you have specified all ports)\n"); exit(4); } } @@ -664,8 +661,7 @@ int check_access_rights(int in_socket, const char* service) /* extract peer address */ res = getnameinfo(&peer.saddr, size, addr_str, sizeof(addr_str), NULL, 0, NI_NUMERICHOST); if (res) { - if (cfg.verbose) - fprintf(stderr, "getnameinfo(NI_NUMERICHOST):%s\n", gai_strerror(res)); + print_message(msg_system_error, "getnameinfo(NI_NUMERICHOST):%s\n", gai_strerror(res)); strcpy(addr_str, STRING_UNKNOWN); } /* extract peer name */ @@ -673,15 +669,12 @@ int check_access_rights(int in_socket, const char* service) if (!cfg.numeric) { res = getnameinfo(&peer.saddr, size, host, sizeof(host), NULL, 0, NI_NAMEREQD); if (res) { - if (cfg.verbose) - fprintf(stderr, "getnameinfo(NI_NAMEREQD):%s\n", gai_strerror(res)); + print_message(msg_system_error, "getnameinfo(NI_NAMEREQD):%s\n", gai_strerror(res)); } } if (!hosts_ctl(service, host, addr_str, STRING_UNKNOWN)) { - if (cfg.verbose) - fprintf(stderr, "access denied\n"); - log_message(LOG_INFO, "connection from %s(%s): access denied", host, addr_str); + print_message(msg_connections, "connection from %s(%s): access denied", host, addr_str); close(in_socket); return -1; } 
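Review bot: The new `print_message(msg_connections, "connection from %s(%s): access denied", host, addr_str);` in check_access_rights is the only converted message on this page without a trailing `\n`; when msg_connections is routed to stderr, the next log line will be glued onto it. Suggested: `print_message(msg_connections, "connection from %s(%s): access denied\n", host, addr_str);`. Note that the former unconditional `access denied` stderr line is now folded into this call and therefore depends on `verbose_connections` being non-zero, which matches the default of 3 set in sslhconf.cfg in the previous patch.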
diff --git a/log.c b/log.c index eb89515..217d86e 100644 --- a/log.c +++ b/log.c @@ -56,12 +56,29 @@ msg_info msg_system_error = { &cfg.verbose_system_error }; - msg_info msg_packets = { LOG_INFO, &cfg.verbose_packets }; +/* additional info when attempting outgoing connections */ +msg_info msg_connections_try = { + LOG_DEBUG, + &cfg.verbose_connections_try +}; + +/* Connection information and failures (e.g. forbidden by policy) */ +msg_info msg_connections = { + LOG_INFO, + &cfg.verbose_connections +}; + +/* Connection failures, e.g. target server not present */ +msg_info msg_connections_error = { + LOG_ERR, + &cfg.verbose_connections_error +}; + diff --git a/log.h b/log.h index 563d217..7d2ea7a 100644 --- a/log.h +++ b/log.h @@ -22,4 +22,8 @@ extern msg_info msg_packets; extern msg_info msg_int_error; extern msg_info msg_system_error; +extern msg_info msg_connections_try; +extern msg_info msg_connections_error; +extern msg_info msg_connections; + #endif /* LOG_H */ diff --git a/sslh-conf.c b/sslh-conf.c index 1abebb6..e280054 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 19 21:54:06 2021. + * on Sun Sep 26 15:51:02 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -446,6 +446,7 @@ struct arg_file* sslhcfg_conffile; struct arg_int* sslhcfg_verbose_config; struct arg_int* sslhcfg_verbose_config_error; struct arg_int* sslhcfg_verbose_connections; + struct arg_int* sslhcfg_verbose_connections_try; struct arg_int* sslhcfg_verbose_connections_error; struct arg_int* sslhcfg_verbose_fd; struct arg_int* sslhcfg_verbose_packets; @@ -791,7 +792,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { 
@@ -843,6 +844,22 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_int = 3 }, + { + /* name */ "verbose_connections_try", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_connections_try, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_connections_try), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + { /* name */ "verbose_connections_error", /* type */ CFG_INT, @@ -1259,7 +1276,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [21], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_listen_targets, @@ -1271,7 +1288,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_ssh_targets, @@ -1283,7 +1300,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_tls_targets, @@ -1295,7 +1312,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_openvpn_targets, @@ -1307,7 +1324,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_tinc_targets, 
@@ -1319,7 +1336,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_xmpp_targets, @@ -1331,7 +1348,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_http_targets, @@ -1343,7 +1360,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_adb_targets, @@ -1355,7 +1372,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_socks5_targets, @@ -1367,7 +1384,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_syslog_targets, @@ -1379,7 +1396,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_anyprot_targets, 
@@ -2047,6 +2064,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) sslhcfg_verbose_config = arg_intn(NULL, "verbose-config", "", 0, 1, ""), sslhcfg_verbose_config_error = arg_intn(NULL, "verbose-config-error", "", 0, 1, ""), sslhcfg_verbose_connections = arg_intn(NULL, "verbose-connections", "", 0, 1, ""), + sslhcfg_verbose_connections_try = arg_intn(NULL, "verbose-connections-try", "", 0, 1, ""), sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, ""), sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, ""), sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "", 0, 1, ""), @@ -2230,6 +2248,9 @@ void sslhcfg_fprint( fprintf(out, "verbose_connections: %d", sslhcfg->verbose_connections); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "verbose_connections_try: %d", sslhcfg->verbose_connections_try); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "verbose_connections_error: %d", sslhcfg->verbose_connections_error); fprintf(out, "\n"); indent(out, depth); diff --git a/sslh-conf.h b/sslh-conf.h index f51ae62..ad4a3e2 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 19 21:54:06 2021. + * on Sun Sep 26 15:51:02 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -77,6 +77,7 @@ struct sslhcfg_item { int verbose_config; int verbose_config_error; int verbose_connections; + int verbose_connections_try; int verbose_connections_error; int verbose_fd; int verbose_packets; diff --git a/sslhconf.cfg b/sslhconf.cfg index 8e89324..57fedc4 100644 --- a/sslhconf.cfg +++ b/sslhconf.cfg 
@@ -28,6 +28,7 @@ config: { { name: "verbose-config"; type: "int"; default: 0; }, { name: "verbose-config-error"; type: "int"; default: 3; }, { name: "verbose-connections"; type: "int"; default: 3; }, + { name: "verbose-connections-try"; type: "int"; default: 0; }, { name: "verbose-connections-error"; type: "int"; default: 3; }, { name: "verbose-fd"; type: "int"; default: 0; }, { name: "verbose-packets"; type: "int"; default: 0; }, diff --git a/test.cfg b/test.cfg index 8a83312..2b95c65 100644 --- a/test.cfg +++ b/test.cfg @@ -22,6 +22,9 @@ syslog_facility: "auth"; verbose-packets: 3; # hexdump packets on which probing is done #verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing #verbose-int-error: 3; # internal errors, the kind that should never happen +#verbose-connections-try: 3; # connection attempts towards targets +#verbose-connections: 3; # trace established incoming address to forward address +# verbose-connections-error: 3; # connection errors # List of interfaces on which we should listen # Options: From 6ea7d48f86d9f9d96ff4eb2c91f8250131627323 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sun, 26 Sep 2021 16:55:31 +0200 Subject: [PATCH 09/19] migrate tls.c and probe.c to new log system --- log.c | 12 ++++++++++ log.h | 3 +++ probe.c | 9 +++---- sslh-conf.c | 68 ++++++++++++++++++++++++++++++++++++++++++---------- sslh-conf.h | 4 +++- sslhconf.cfg | 3 +++ tls.c | 13 +++++----- 7 files changed, 88 insertions(+), 24 deletions(-) diff --git a/log.c b/log.c index 217d86e..e83465a 100644 --- a/log.c +++ b/log.c @@ -80,6 +80,18 @@ msg_info msg_connections_error = { }; +/* comment the probing process */ +msg_info msg_probe_info = { + LOG_INFO, + &cfg.verbose_probe_info +}; + +/* probing errors, e.g. inconsistent data in connections */ +msg_info msg_probe_error = { + LOG_ERR, + &cfg.verbose_probe_error +}; + /* Bitmasks in verbose-* values */ diff --git a/log.h b/log.h index 7d2ea7a..622885a 100644 --- a/log.h +++ b/log.h 
@@ -26,4 +26,7 @@ extern msg_info msg_connections_try; extern msg_info msg_connections_error; extern msg_info msg_connections; +extern msg_info msg_probe_info; +extern msg_info msg_probe_error; + #endif /* LOG_H */ diff --git a/probe.c b/probe.c index 657842e..a1171b7 100644 --- a/probe.c +++ b/probe.c @@ -334,7 +334,7 @@ static int regex_probe(const char *p, ssize_t len, struct sslhcfg_protocols_item return 0; #else /* Should never happen as we check when loading config file */ - fprintf(stderr, "FATAL: regex probe called but not built in\n"); + print_message(msg_int_error, "FATAL: regex probe called but not built in\n"); exit(5); #endif } @@ -362,20 +362,21 @@ int probe_buffer(char* buf, int len, struct sslhcfg_protocols_item** proto) if (! p->probe) continue; - if (cfg.verbose) fprintf(stderr, "probing for %s\n", p->name); + print_message(msg_probe_info, "probing for %s\n", p->name); /* Don't probe last protocol if it is anyprot (and store last protocol) */ if ((i == cfg.protocols_len - 1) && (!strcmp(p->name, "anyprot"))) break; if (p->minlength_is_present && (len < p->minlength )) { - fprintf(stderr, "input too short, %d bytes but need %d\n", len , p->minlength); + print_message(msg_probe_info, "input too short, %d bytes but need %d\n", + len , p->minlength); again++; continue; } res = p->probe(buf, len, p); - if (cfg.verbose) fprintf(stderr, "probed for %s: %s\n", p->name, probe_str[res]); + print_message(msg_probe_info, "probed for %s: %s\n", p->name, probe_str[res]); if (res == PROBE_MATCH) { *proto = p; diff --git a/sslh-conf.c b/sslh-conf.c index e280054..9f7da74 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 26 15:51:02 2021. + * on Sun Sep 26 16:54:06 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle 
@@ -450,6 +450,8 @@ struct arg_file* sslhcfg_conffile; struct arg_int* sslhcfg_verbose_connections_error; struct arg_int* sslhcfg_verbose_fd; struct arg_int* sslhcfg_verbose_packets; + struct arg_int* sslhcfg_verbose_probe_info; + struct arg_int* sslhcfg_verbose_probe_error; struct arg_int* sslhcfg_verbose_system_error; struct arg_int* sslhcfg_verbose_int_error; struct arg_int* sslhcfg_verbose; @@ -792,7 +794,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { @@ -908,6 +910,38 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_int = 0 }, + { + /* name */ "verbose_probe_info", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_probe_info, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_probe_info), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + + { + /* name */ "verbose_probe_error", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_probe_error, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_probe_error), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 3 + }, + { /* name */ "verbose_system_error", /* type */ CFG_INT, @@ -1276,7 +1310,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_listen_targets, 
@@ -1288,7 +1322,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_ssh_targets, @@ -1300,7 +1334,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_tls_targets, @@ -1312,7 +1346,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_openvpn_targets, @@ -1324,7 +1358,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_tinc_targets, @@ -1336,7 +1370,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_xmpp_targets, @@ -1348,7 +1382,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_http_targets, @@ -1360,7 +1394,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_adb_targets, 
@@ -1372,7 +1406,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_socks5_targets, @@ -1384,7 +1418,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_syslog_targets, @@ -1396,7 +1430,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_anyprot_targets, @@ -2068,6 +2102,8 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, ""), sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, ""), sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "", 0, 1, ""), + sslhcfg_verbose_probe_info = arg_intn(NULL, "verbose-probe-info", "", 0, 1, ""), + sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "", 0, 1, ""), sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "", 0, 1, ""), sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "", 0, 1, ""), sslhcfg_verbose = arg_intn("v", "verbose", "", 0, 1, ""), @@ -2260,6 +2296,12 @@ void sslhcfg_fprint( fprintf(out, "verbose_packets: %d", sslhcfg->verbose_packets); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "verbose_probe_info: %d", sslhcfg->verbose_probe_info); + fprintf(out, "\n"); + indent(out, depth); + fprintf(out, "verbose_probe_error: %d", sslhcfg->verbose_probe_error); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "verbose_system_error: %d", sslhcfg->verbose_system_error); fprintf(out, "\n"); indent(out, depth); 
diff --git a/sslh-conf.h b/sslh-conf.h index ad4a3e2..192ae76 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 26 15:51:02 2021. + * on Sun Sep 26 16:54:06 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -81,6 +81,8 @@ struct sslhcfg_item { int verbose_connections_error; int verbose_fd; int verbose_packets; + int verbose_probe_info; + int verbose_probe_error; int verbose_system_error; int verbose_int_error; int verbose; diff --git a/sslhconf.cfg b/sslhconf.cfg index 57fedc4..c03b8ea 100644 --- a/sslhconf.cfg +++ b/sslhconf.cfg @@ -33,6 +33,9 @@ config: { { name: "verbose-fd"; type: "int"; default: 0; }, { name: "verbose-packets"; type: "int"; default: 0; }, + { name: "verbose-probe-info"; type: "int"; default: 0; }, + { name: "verbose-probe-error"; type: "int"; default: 3; }, + { name: "verbose-system-error"; type: "int"; default: 3; }, { name: "verbose-int-error"; type: "int"; default: 3; }, diff --git a/tls.c b/tls.c index c8b3fae..dfb3353 100644 --- a/tls.c +++ b/tls.c @@ -33,6 +33,7 @@ #include /* fnmatch() */ #include "tls.h" #include "sslh-conf.h" +#include "log.h" #define TLS_HEADER_LEN 5 #define TLS_HANDSHAKE_CONTENT_TYPE 0x16 
@@ -82,14 +83,14 @@ parse_tls_header(const struct TLSProtocol *tls_data, const char *data, size_t da tls_content_type = data[0]; if (tls_content_type != TLS_HANDSHAKE_CONTENT_TYPE) { - if (cfg.verbose) fprintf(stderr, "Request did not begin with TLS handshake.\n"); + print_message(msg_probe_error, "Request did not begin with TLS handshake.\n"); return TLS_EPROTOCOL; } tls_version_major = data[1]; tls_version_minor = data[2]; if (tls_version_major < 3) { - if (cfg.verbose) fprintf(stderr, "Received SSL %d.%d handshake which cannot be parsed.\n", + print_message(msg_probe_error, "Received SSL %d.%d handshake which cannot be parsed.\n", tls_version_major, tls_version_minor); return TLS_EVERSION; @@ -111,7 +112,7 @@ parse_tls_header(const struct TLSProtocol *tls_data, const char *data, size_t da return TLS_EPROTOCOL; } if (data[pos] != TLS_HANDSHAKE_TYPE_CLIENT_HELLO) { - if (cfg.verbose) fprintf(stderr, "Not a client hello\n"); + print_message(msg_probe_error, "Not a client hello\n"); return TLS_EPROTOCOL; } @@ -228,7 +229,7 @@ parse_server_name_extension(const struct TLSProtocol *tls_data, const char *data return TLS_ENOEXT; } default: - if (cfg.verbose) fprintf(stderr, "Unknown server name extension name type: %d\n", + print_message(msg_probe_error, "Unknown server name extension name type: %d\n", data[pos]); } pos += 3 + len; @@ -254,7 +255,7 @@ parse_alpn_extension(const struct TLSProtocol *tls_data, const char *data, size_ if (len > 0 && has_match(tls_data->alpn_protocol_list, tls_data->alpn_list_len, data + pos + 1, len)) { return len; } else if (len > 0) { - if (cfg.verbose) fprintf(stderr, "Unknown ALPN name: %.*s\n", (int)len, data + pos + 1); + print_message(msg_probe_error, "Unknown ALPN name: %.*s\n", (int)len, data + pos + 1); } pos += 1 + len; } 
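Review bot: `"Unknown ALPN name: %.*s\n"` in parse_alpn_extension now copies peer-supplied ALPN bytes verbatim into the log, and with verbose-probe-error defaulting to 3 in this series that happens for every unauthenticated client, whereas the old code needed cfg.verbose; an ALPN entry is opaque bytes and can carry newlines or terminal escapes, which is a log-injection vector for syslog and for a terminal running the foreground process. Either escape non-printable bytes before logging or classify the message as msg_probe_info so it is off by default, e.g. `print_message(msg_probe_info, "Unknown ALPN name: %.*s\n", (int)len, data + pos + 1);`. The same applies to `"Unknown server name extension name type: %d"`, where `data` is `const char *` so values >= 0x80 print as negatives; `(unsigned char)data[pos]` gives the wire value. The parse functions start and end outside these hunks.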
@@ -276,7 +277,7 @@ has_match(const char** list, size_t list_len, const char* name, size_t name_len) for (i = 0; i < list_len; i++) { item = &list[i]; - if (cfg.verbose) fprintf(stderr, "matching [%.*s] with [%s]\n", (int)name_len, name, *item); + print_message(msg_probe_error, "matching [%.*s] with [%s]\n", (int)name_len, name, *item); if(!fnmatch(*item, name_nullterminated, 0)) { free(name_nullterminated); return 1; From 2e11001087846c1ca424e6dd1746fb225deca682 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 12:43:03 +0200 Subject: [PATCH 10/19] migrate UDP to new log system --- udp-listener.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/udp-listener.c b/udp-listener.c index ce1021f..986a44c 100644 --- a/udp-listener.c +++ b/udp-listener.c @@ -76,15 +76,15 @@ int udp_c2s_forward(int sockfd, cnx_collection* collection, int max_fd) target = known_source(collection, max_fd, &src_addr, addrlen); addrinfo.ai_addr = &src_addr; addrinfo.ai_addrlen = addrlen; - if (cfg.verbose) - fprintf(stderr, "received %ld UDP from %d:%s\n", len, target, sprintaddr(addr_str, sizeof(addr_str), &addrinfo)); + print_message(msg_probe_info, "received %ld UDP from %d:%s\n", + len, target, sprintaddr(addr_str, sizeof(addr_str), &addrinfo)); if (target == -1) { res = probe_buffer(data, len, &proto); /* First version: if we can't work out the protocol from the first * packet, drop it. Conceivably, we could store several packets to * run probes on packet sets */ - if (cfg.verbose) fprintf(stderr, "UDP probed: %d\n", res); + print_message(msg_probe_info, "UDP probed: %d\n", res); if (res != PROBE_MATCH) { return -1; } 
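Review bot: The per-candidate trace `"matching [%.*s] with [%s]\n"` in has_match is not an error, yet it is now classed as msg_probe_error, which maps to LOG_ERR and is enabled by default (3), so every SNI/ALPN comparison on every connection lands in syslog at error priority together with peer-controlled bytes; before this change it needed cfg.verbose. It should read `print_message(msg_probe_info, "matching [%.*s] with [%s]\n", (int)name_len, name, *item);`. has_match starts before the hunk.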
@@ -106,7 +106,7 @@ int udp_c2s_forward(int sockfd, cnx_collection* collection, int max_fd) res = sendto(cnx->target_sock, data, len, 0, cnx->proto->saddr->ai_addr, cnx->proto->saddr->ai_addrlen); cnx->last_active = time(NULL); - fprintf(stderr, "sending %d to %s\n", + print_message(msg_fd, "sending %d to %s\n", res, sprintaddr(data, sizeof(data), cnx->proto->saddr)); return out; } @@ -119,12 +119,10 @@ void udp_s2c_forward(struct connection* cnx) int res; res = recvfrom(sockfd, data, sizeof(data), 0, NULL, NULL); - fprintf(stderr, "recvfrom %d\n", res); CHECK_RES_DIE(res, "udp_listener/recvfrom"); res = sendto(cnx->local_endpoint, data, res, 0, &cnx->client_addr, cnx->addrlen); cnx->last_active = time(NULL); - fprintf(stderr, "sendto %d to\n", res); } From 4d3cc9c925dd92575b389178142a3d82fd4cbfdf Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 12:46:51 +0200 Subject: [PATCH 11/19] migrate some more common.c to new log system --- common.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/common.c b/common.c index dece661..4d85a20 100644 --- a/common.c +++ b/common.c @@ -75,7 +75,7 @@ int get_fd_sockets(struct listen_endpoint *sockfd[]) #ifdef SYSTEMD sd = sd_listen_fds(0); if (sd < 0) { - fprintf(stderr, "sd_listen_fds(): %s\n", strerror(-sd)); + print_message(msg_system_error, "sd_listen_fds(): %s\n", strerror(-sd)); exit(1); } if (sd > 0) { @@ -453,8 +453,6 @@ int fd2fd(struct queue *target_q, struct queue *from_q) if (size_r == -1) { switch (errno) { case EAGAIN: - if (cfg.verbose) - fprintf(stderr, "reading 0 from %d\n", from); return FD_NODATA; case ECONNRESET: @@ -542,7 +540,7 @@ int resolve_split_name(struct addrinfo **out, char* host, char* serv) if (host[0] == '[') { end = strrchr(host, ']'); if (!end) { - fprintf(stderr, "%s: no closing bracket in IPv6 address?\n", host); + print_message(msg_config_error, "%s: no closing bracket in IPv6 address?\n", host); return -1; } host++; /* skip first bracket */ 
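Review bot: `res` from sendto() is logged but never checked, so a failed forward to the target is reported only as `sending -1 to ...` under msg_fd, which is off by default, and otherwise vanishes; an `if (res == -1) print_message(msg_connections_error, "udp_listener/sendto: %s\n", strerror(errno));` before the trace would surface it. Passing `data` — the packet buffer just handed to sendto — as sprintaddr's scratch space works only because the buffer is dead at that point; udp_c2s_forward already has `addr_str`, so `sprintaddr(addr_str, sizeof(addr_str), cnx->proto->saddr)` makes that explicit. The function starts before the hunk.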
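Review bot: With the two fprintf traces removed, the result of sendto() in udp_s2c_forward is assigned to res and never examined, so a failed reply to the client is now completely silent, while the recvfrom result on the line above is still checked by CHECK_RES_DIE. A check such as `if (res == -1) print_message(msg_connections_error, "udp_listener/sendto: %s\n", strerror(errno));` after the sendto keeps the old visibility without the unconditional stderr noise.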
From 66caf8a31b3e1214a5b6e3c6fb3dadbd77d13f64 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 12:51:37 +0200 Subject: [PATCH 12/19] remove log_message --- common.c | 6 +++--- common.h | 2 +- log.c | 20 +------------------- 3 files changed, 5 insertions(+), 23 deletions(-) diff --git a/common.c b/common.c index 4d85a20..3c51397 100644 --- a/common.c +++ b/common.c @@ -503,7 +503,7 @@ char* sprintaddr(char* buf, size_t size, struct addrinfo *a) cfg.numeric ? NI_NUMERICHOST | NI_NUMERICSERV : 0 ); if (res) { - log_message(LOG_ERR, "sprintaddr:getnameinfo: %s\n", gai_strerror(res)); + print_message(msg_system_error, "sprintaddr:getnameinfo: %s\n", gai_strerror(res)); /* Name resolution failed: do it numerically instead */ res = getnameinfo(a->ai_addr, a->ai_addrlen, host, sizeof(host), @@ -511,7 +511,7 @@ char* sprintaddr(char* buf, size_t size, struct addrinfo *a) NI_NUMERICHOST | NI_NUMERICSERV); /* should not fail but... */ if (res) { - log_message(LOG_ERR, "sprintaddr:getnameinfo(NUM): %s\n", gai_strerror(res)); + print_message(msg_system_error, "sprintaddr:getnameinfo(NUM): %s\n", gai_strerror(res)); strcpy(host, "?"); strcpy(serv, "?"); } @@ -549,7 +549,7 @@ int resolve_split_name(struct addrinfo **out, char* host, char* serv) res = getaddrinfo(host, serv, &hint, out); if (res) - log_message(LOG_ERR, "%s `%s:%s'\n", gai_strerror(res), host, serv); + print_message(msg_system_error, "%s `%s:%s'\n", gai_strerror(res), host, serv); return res; } diff --git a/common.h b/common.h index 9235699..acb1bd3 100644 --- a/common.h +++ b/common.h @@ -47,7 +47,7 @@ #define CHECK_RES_RETURN(res, str, ret) \ if (res == -1) { \ - log_message(LOG_CRIT, "%s:%d:%s:%d:%s\n", __FILE__, __LINE__, str, errno, strerror(errno)); \ + print_message(msg_system_error, "%s:%d:%s:%d:%s\n", __FILE__, __LINE__, str, errno, strerror(errno)); \ return ret; \ } diff --git a/log.c b/log.c index e83465a..00a25a0 100644 --- a/log.c +++ b/log.c 
@@ -146,24 +146,6 @@ void setup_syslog(const char* bin_name) { } -/* Log to syslog or stderr if foreground */ -void log_message(int type, const char* msg, ...) -{ - va_list ap; - - va_start(ap, msg); - if (cfg.foreground) - vfprintf(stderr, msg, ap); - va_end(ap); - - if (do_syslog) { - va_start(ap, msg); - vsyslog(type, msg, ap); - va_end(ap); - } -} - - /* syslogs who connected to where * desc: string description of the connection. if NULL, log_connection will * manage on its own @@ -181,7 +163,7 @@ void log_connection(struct connection_desc* desc, const struct connection *cnx) get_connection_desc(desc, cnx); } - log_message(LOG_INFO, "%s:connection from %s to %s forwarded from %s to %s\n", + print_message(msg_connections, "%s:connection from %s to %s forwarded from %s to %s\n", cnx->proto->name, desc->peer, desc->service, From 70b31a48d92f9844f085126966370ffa6a8fd0f7 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 12:53:41 +0200 Subject: [PATCH 13/19] migrate generic system call failure checks to new log system --- common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common.h b/common.h index acb1bd3..d3ebd59 100644 --- a/common.h +++ b/common.h @@ -40,7 +40,7 @@ #define CHECK_RES_DIE(res, str) \ if (res == -1) { \ - fprintf(stderr, "%s:%d:", __FILE__, __LINE__); \ + print_message(msg_system_error, "%s:%d:", __FILE__, __LINE__); \ perror(str); \ exit(1); \ } @@ -53,7 +53,7 @@ #define CHECK_ALLOC(a, str) \ if (!a) { \ - fprintf(stderr, "%s:%d:", __FILE__, __LINE__); \ + print_message(msg_system_error, "%s:%d:", __FILE__, __LINE__); \ perror(str); \ exit(1); \ } From 4f0f5017bcf1853f694d4c8983bb061157fb0399 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 12:55:57 +0200 Subject: [PATCH 14/19] remove obsolete prototype --- common.h | 1 - 1 file changed, 1 deletion(-) diff --git a/common.h b/common.h index d3ebd59..ee53dd1 100644 --- a/common.h +++ b/common.h 
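Review bot: In CHECK_RES_DIE and CHECK_ALLOC the `"%s:%d:"` prefix now goes through print_message while the error text itself still comes from perror(), which always writes to stderr: a syslog-only msg_system_error setting yields a bare `file.c:123:` entry with no errno text, and in the inetd path of this series stderr is closed so the strerror part disappears entirely. Emit both halves through the logger: `print_message(msg_system_error, "%s:%d:%s: %s\n", __FILE__, __LINE__, str, strerror(errno));` and drop the perror(). While touching these, both macros are bare `if` blocks rather than `do { … } while (0)`, so a `CHECK_RES_DIE(...); else …` in a caller would fail to parse.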
@@ -160,7 +160,6 @@ void setup_syslog(const char* bin_name); void drop_privileges(const char* user_name, const char* chroot_path); void set_capabilities(int cap_net_admin); void write_pid_file(const char* pidfile); -void log_message(int type, const char* msg, ...); void dump_connection(struct connection *cnx); int resolve_split_name(struct addrinfo **out, char* hostname, char* port); From 16bf1a6acaea88f169f857e9a71285604fab07c3 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 13:01:20 +0200 Subject: [PATCH 15/19] make echosrv independant from common macros --- echosrv.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/echosrv.c b/echosrv.c index 4d22eb4..4f08e31 100644 --- a/echosrv.c +++ b/echosrv.c @@ -100,7 +100,10 @@ void tcp_echo(struct listen_endpoint* listen_socket) { while (1) { int in_socket = accept(listen_socket->socketfd, 0, 0); - CHECK_RES_DIE(in_socket, "accept"); + if (in_socket == -1) { + perror("tcp_echo:accept"); + exit(1); + } if (!fork()) { From 4277d270633d6b535213941621b30fb8d428225e Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 13:16:30 +0200 Subject: [PATCH 16/19] migrate last messages to new log system --- common.c | 2 +- tls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/common.c b/common.c index 3c51397..7daa969 100644 --- a/common.c +++ b/common.c @@ -58,7 +58,7 @@ void check_res_dump(CR_ACTION act, int res, struct addrinfo *addr, char* syscall char buf[NI_MAXHOST]; if (res == -1) { - fprintf(stderr, "%s:%s: %s\n", + print_message(msg_system_error, "%s:%s: %s\n", sprintaddr(buf, sizeof(buf), addr), syscall, strerror(errno)); diff --git a/tls.c b/tls.c index dfb3353..9d56edb 100644 --- a/tls.c +++ b/tls.c 
@@ -145,7 +145,7 @@ parse_tls_header(const struct TLSProtocol *tls_data, const char *data, size_t da pos += 1 + len; if (pos == data_len && tls_version_major == 3 && tls_version_minor == 0) { - if (cfg.verbose) fprintf(stderr, "Received SSL 3.0 handshake without extensions\n"); + print_message(msg_probe_error, "Received SSL 3.0 handshake without extensions\n"); return TLS_EVERSION; } From c8fce0a02f61e46a0d277be7eeae05e2de2ee159 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 13:21:16 +0200 Subject: [PATCH 17/19] make sure no error will go to stderr if in inetd (fix #303) --- sslh-main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sslh-main.c b/sslh-main.c index 99d6297..c1076f6 100644 --- a/sslh-main.c +++ b/sslh-main.c @@ -197,6 +197,7 @@ int main(int argc, char *argv[], char* envp[]) if (cfg.inetd) { cfg.verbose = 0; + close(fileno(stderr)); /* Make sure no error will go to client */ start_shoveler(0); exit(0); } From caa62875c180ce55a11c696e670b23390b1ca82c Mon Sep 17 00:00:00 2001 From: yrutschle Date: Mon, 27 Sep 2021 13:28:21 +0200 Subject: [PATCH 18/19] remove --verbose option --- ChangeLog | 11 +++++++++++ example.cfg | 16 +++++++++++++--- probe.c | 6 ++---- sslh-conf.c | 47 +++++++++++++---------------------------------- sslh-conf.h | 3 +-- sslh-main.c | 1 - sslhconf.cfg | 1 - test.cfg | 20 ++++++++++---------- 8 files changed, 50 insertions(+), 55 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5e4ad26..e75849a 100644 --- a/ChangeLog +++ b/ChangeLog 
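Review bot: `close(fileno(stderr))` releases fd 2 but leaves the stderr FILE stream open, so the next descriptor the process opens can be allocated as fd 2, and any later write to stderr — perror() in CHECK_RES_DIE, or a message class configured for stderr — is then delivered to that descriptor, which may be the very client or backend socket this change means to protect. Redirect instead of closing: `if (!freopen("/dev/null", "w", stderr)) exit(1);` keeps fd 2 occupied by a sink. main continues outside the hunk, so which descriptors start_shoveler opens cannot be confirmed here, but any open()/socket() after this point is enough to trigger the reuse.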
@@ -1,3 +1,14 @@ +vNEXT: + New log system: instead of --verbose with arbitrary + levels, there are now several message classes. Each + message class can be set to go to stderr, syslog, or + both. Classes are documented in example.cfg. + + inetd merges stderr output to what is sent to the + client, which is a security issue as it might give + information to an attacker. When inetd is activated, + stderr is forcibly closed. + v1.22: 17AUG2021 sslh-select now supports UDP protocols. Probes specified in the `protocols` diff --git a/example.cfg b/example.cfg index 974a3f9..2542420 100644 --- a/example.cfg +++ b/example.cfg @@ -12,11 +12,21 @@ user: "nobody"; pidfile: "/var/run/sslh.pid"; chroot: "/var/empty"; -verbose: 0; - # Logging configuration # Value: 1: stdout; 2: syslog; 3: both -verbose-config: 0; # config: print configuration at startup +# Defaults are indicated here, and should be sensible. Generally, you want *-error +# to be always enabled, to know if something is going wrong. +verbose-config: 0; # print configuration at startup +verbose-config-error: 3; # print configuration errors +verbose-connections: 3; # trace established incoming address to forward address +verbose-connections-error: 3; # connection errors +verbose-connections-try: 0; # connection attempts towards targets +verbose-fd: 0; # file descriptor activity, open/close/whatnot +verbose-packets: 0; # hexdump packets on which probing is done +verbose-probe-info: 0; # what's happening during the probe process +verbose-probe-error: 3; # failures and problems during probing +verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing +verbose-int-error: 3; # internal errors, the kind that should never happen # Specify which syslog facility to use (names for your diff --git a/probe.c b/probe.c index a1171b7..ee9f423 100644 --- a/probe.c +++ b/probe.c 
@@ -350,10 +350,8 @@ int probe_buffer(char* buf, int len, struct sslhcfg_protocols_item** proto) struct sslhcfg_protocols_item* p; int i, res, again = 0; - if (cfg.verbose > 1) { - print_message(msg_packets, "hexdump of incoming packet:\n"); - hexdump(msg_packets, buf, len); - } + print_message(msg_packets, "hexdump of incoming packet:\n"); + hexdump(msg_packets, buf, len); *proto = NULL; for (i = 0; i < cfg.protocols_len; i++) { diff --git a/sslh-conf.c b/sslh-conf.c index 9f7da74..0afdfb6 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 26 16:54:06 2021. + * on Mon Sep 27 13:21:48 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -454,7 +454,6 @@ struct arg_file* sslhcfg_conffile; struct arg_int* sslhcfg_verbose_probe_error; struct arg_int* sslhcfg_verbose_system_error; struct arg_int* sslhcfg_verbose_int_error; - struct arg_int* sslhcfg_verbose; struct arg_lit* sslhcfg_version; struct arg_lit* sslhcfg_foreground; struct arg_lit* sslhcfg_inetd; @@ -794,7 +793,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { @@ -974,22 +973,6 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_int = 3 }, - { - /* name */ "verbose", - /* type */ CFG_INT, - /* sub_group*/ NULL, - /* arg_cl */ & sslhcfg_verbose, - /* base_addr */ NULL, - /* offset */ offsetof(struct sslhcfg_item, verbose), - /* offset_len */ 0, - /* offset_present */ 0, - /* size */ sizeof(int), - /* array_type */ -1, - /* mandatory */ 1, - /* optional */ 0, - /* default_val*/ .default_val.def_int = 0 - }, - { /* name */ "version", /* type */ CFG_BOOL, 
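Review bot: Dropping the `cfg.verbose > 1` guard makes `hexdump(msg_packets, buf, len)` run on every probed buffer; that is only free if hexdump checks the msg_packets verbosity before formatting, which is not visible here — if it formats first and filters inside print_message, every connection pays for a full hex rendering of attacker-sized input even with verbose-packets at its default 0. Worth confirming, or guarding explicitly with the same predicate print_message uses, e.g. a `msg_enabled(msg_packets)` style check if one exists. probe_buffer continues outside the hunk.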
@@ -1310,7 +1293,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [24], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_listen_targets, @@ -1322,7 +1305,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_ssh_targets, @@ -1334,7 +1317,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_tls_targets, @@ -1346,7 +1329,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_openvpn_targets, @@ -1358,7 +1341,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_tinc_targets, @@ -1370,7 +1353,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_xmpp_targets, @@ -1382,7 +1365,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_http_targets, 
@@ -1394,7 +1377,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_adb_targets, @@ -1406,7 +1389,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_socks5_targets, @@ -1418,7 +1401,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_syslog_targets, @@ -1430,7 +1413,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [25], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_anyprot_targets, @@ -2106,7 +2089,6 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "", 0, 1, ""), sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "", 0, 1, ""), sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "", 0, 1, ""), - sslhcfg_verbose = arg_intn("v", "verbose", "", 0, 1, ""), sslhcfg_version = arg_litn("V", "version", 0, 1, "Print version information and exit"), sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"), sslhcfg_inetd = arg_litn("i", "inetd", 0, 1, "Run in inetd mode: use stdin/stdout instead of network listen"), 
@@ -2308,9 +2290,6 @@ void sslhcfg_fprint( fprintf(out, "verbose_int_error: %d", sslhcfg->verbose_int_error); fprintf(out, "\n"); indent(out, depth); - fprintf(out, "verbose: %d", sslhcfg->verbose); - fprintf(out, "\n"); - indent(out, depth); fprintf(out, "version: %d", sslhcfg->version); fprintf(out, "\n"); indent(out, depth); diff --git a/sslh-conf.h b/sslh-conf.h index 192ae76..e50197d 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 26 16:54:06 2021. + * on Mon Sep 27 13:21:48 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -85,7 +85,6 @@ struct sslhcfg_item { int verbose_probe_error; int verbose_system_error; int verbose_int_error; - int verbose; int version; int foreground; int inetd; diff --git a/sslh-main.c b/sslh-main.c index c1076f6..9f326a5 100644 --- a/sslh-main.c +++ b/sslh-main.c @@ -196,7 +196,6 @@ int main(int argc, char *argv[], char* envp[]) if (cfg.inetd) { - cfg.verbose = 0; close(fileno(stderr)); /* Make sure no error will go to client */ start_shoveler(0); exit(0); diff --git a/sslhconf.cfg b/sslhconf.cfg index c03b8ea..d84c081 100644 --- a/sslhconf.cfg +++ b/sslhconf.cfg @@ -39,7 +39,6 @@ config: { { name: "verbose-system-error"; type: "int"; default: 3; }, { name: "verbose-int-error"; type: "int"; default: 3; }, - { name: "verbose"; type: "int"; short: "v" }, # to delete { name: "version"; type: "bool"; default: false; short: "V"; description: "Print version information and exit"; }, diff --git a/test.cfg b/test.cfg index 2b95c65..4330cfa 100644 --- a/test.cfg +++ b/test.cfg @@ -1,7 +1,6 @@ # Configuration file for testing (use both by sslh under # test and the test script `t`) -verbose: 4; foreground: true; inetd: false; numeric: true; 
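Review bot: Dropping `cfg.verbose = 0;` in the `cfg.inetd` branch leaves the per-class log settings untouched, and every class whose default is 3 (stderr and syslog, per the example.cfg hunk) will still attempt to write to stderr after `close(fileno(stderr))`; nothing in this branch switches those classes to syslog-only. Because the descriptor is closed rather than redirected, number 2 is free for the next descriptor the process opens — in inetd mode plausibly the socket towards the target that start_shoveler(0) sets up — so a later stderr write could land inside that connection instead of being discarded, which is the leak the comment on the close line is meant to prevent. Safer to park stderr on /dev/null, e.g. `int nullfd = open("/dev/null", O_WRONLY); if (nullfd >= 0) { dup2(nullfd, fileno(stderr)); close(nullfd); }`, or to clear the stderr bit of every verbose class when cfg.inetd is set. main's body starts and ends outside the hunk.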
@@ -15,16 +14,17 @@ syslog_facility: "auth"; # Value: 1: stdout; 2: syslog; 3: both # Defaults should be sensible. Generally, you want *-error # to be always enabled, to know if something is going wrong. -#verbose-config: 3; # config: print configuration at startup -#verbose-config-error: 3; #config-error: print configuration errors -#verbose-connections: 3; #config-connections: track connections -#verbose-fd: 3; # file descriptor activity, open/close/whatnot +verbose-config: 3; # print configuration at startup +verbose-config-error: 3; # print configuration errors +verbose-connections: 3; # trace established incoming address to forward address +verbose-connections-error: 3; # connection errors +verbose-connections-try: 3; # connection attempts towards targets +verbose-fd: 3; # file descriptor activity, open/close/whatnot verbose-packets: 3; # hexdump packets on which probing is done -#verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing -#verbose-int-error: 3; # internal errors, the kind that should never happen -#verbose-connections-try: 3; # connection attempts towards targets -#verbose-connections: 3; # trace established incoming address to forward address -# verbose-connections-error: 3; # connection errors +verbose-probe-info: 3; # what's happening during the probe process +verbose-probe-error: 3; # failures and problems during probing +verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing +verbose-int-error: 3; # internal errors, the kind that should never happen # List of interfaces on which we should listen # Options: From 9955cc65604f34fbb503b05355a998b757d205c1 Mon Sep 17 00:00:00 2001 From: yrutschle Date: Sat, 2 Oct 2021 15:38:22 +0200 Subject: [PATCH 19/19] describe verbose options --- sslh-conf.c | 24 ++++++++++++------------ sslh-conf.h | 2 +- sslhconf.cfg | 33 ++++++++++++++++++++++----------- 3 files changed, 35 insertions(+), 24 deletions(-) 
diff --git a/sslh-conf.c b/sslh-conf.c
index 0afdfb6..3dd5345 100644
--- a/sslh-conf.c
+++ b/sslh-conf.c
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Mon Sep 27 13:21:48 2021.
+ * on Sat Oct 2 09:01:25 2021.
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021 Yves Rutschle
@@ -2078,17 +2078,17 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg)
 #ifdef LIBCONFIG
 sslhcfg_conffile = arg_filen("F", "config", "", 0, 1, "Specify configuration file"),
 #endif
- sslhcfg_verbose_config = arg_intn(NULL, "verbose-config", "", 0, 1, ""),
- sslhcfg_verbose_config_error = arg_intn(NULL, "verbose-config-error", "", 0, 1, ""),
- sslhcfg_verbose_connections = arg_intn(NULL, "verbose-connections", "", 0, 1, ""),
- sslhcfg_verbose_connections_try = arg_intn(NULL, "verbose-connections-try", "", 0, 1, ""),
- sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, ""),
- sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, ""),
- sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "", 0, 1, ""),
- sslhcfg_verbose_probe_info = arg_intn(NULL, "verbose-probe-info", "", 0, 1, ""),
- sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "", 0, 1, ""),
- sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "", 0, 1, ""),
- sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "", 0, 1, ""),
+ sslhcfg_verbose_config = arg_intn(NULL, "verbose-config", "", 0, 1, "Print configuration at startup"),
+ sslhcfg_verbose_config_error = arg_intn(NULL, "verbose-config-error", "", 0, 1, "Print configuration errors"),
+ sslhcfg_verbose_connections = arg_intn(NULL, "verbose-connections", "", 0, 1, "Trace established incoming address to forward address"),
+ sslhcfg_verbose_connections_try = arg_intn(NULL, "verbose-connections-try", "", 0, 1, "Connection errors"),
+ sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, "Connection attempts towards targets"),
+ sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, "File descriptor activity, open/close/whatnot"),
+ sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "", 0, 1, "Hexdump packets on which probing is done"),
+ sslhcfg_verbose_probe_info = arg_intn(NULL, 
"verbose-probe-info", "", 0, 1, "Trace the probe process"),
+ sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "", 0, 1, "Failures and problems during probing"),
+ sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "", 0, 1, "System call failures"),
+ sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "", 0, 1, "Internal errors that should never happen"),
 sslhcfg_version = arg_litn("V", "version", 0, 1, "Print version information and exit"),
 sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"),
 sslhcfg_inetd = arg_litn("i", "inetd", 0, 1, "Run in inetd mode: use stdin/stdout instead of network listen"),
diff --git a/sslh-conf.h b/sslh-conf.h
index e50197d..e284232 100644
--- a/sslh-conf.h
+++ b/sslh-conf.h
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Mon Sep 27 13:21:48 2021.
+ * on Sat Oct 2 09:01:25 2021.
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021 Yves Rutschle
diff --git a/sslhconf.cfg b/sslhconf.cfg
index d84c081..a0ad4ec 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
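Review bot: The help strings for `verbose-connections-try` and `verbose-connections-error` are swapped in this hunk: the try option is described as "Connection errors" and the error option as "Connection attempts towards targets", the reverse of what example.cfg states for the same keys (`verbose-connections-try: 0; # connection attempts towards targets`, `verbose-connections-error: 3; # connection errors`). The same swap is in the sslhconf.cfg hunk below, which is the input this generated file is produced from, so the fix belongs in the two `description:` fields there followed by a regeneration of sslh-conf.c and sslh-conf.h rather than a hand edit here. After regeneration these lines should read `sslhcfg_verbose_connections_try = arg_intn(NULL, "verbose-connections-try", "", 0, 1, "Connection attempts towards targets"),` and `sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, "Connection errors"),`. An operator reading `--help` would otherwise tune the wrong class when trying to surface connection failures. sslhcfg_cl_parse's body starts and ends outside the hunk.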
@@ -25,19 +25,30 @@ config: { name : "sslhcfg", type: "list", items: ( - { name: "verbose-config"; type: "int"; default: 0; }, - { name: "verbose-config-error"; type: "int"; default: 3; }, - { name: "verbose-connections"; type: "int"; default: 3; }, - { name: "verbose-connections-try"; type: "int"; default: 0; }, - { name: "verbose-connections-error"; type: "int"; default: 3; }, - { name: "verbose-fd"; type: "int"; default: 0; }, - { name: "verbose-packets"; type: "int"; default: 0; }, + { name: "verbose-config"; type: "int"; default: 0; + description: "Print configuration at startup" }, + { name: "verbose-config-error"; type: "int"; default: 3; + description: "Print configuration errors" }, + { name: "verbose-connections"; type: "int"; default: 3; + description: "Trace established incoming address to forward address" }, + { name: "verbose-connections-try"; type: "int"; default: 0; + description: "Connection errors" }, + { name: "verbose-connections-error"; type: "int"; default: 3; + description: "Connection attempts towards targets" }, + { name: "verbose-fd"; type: "int"; default: 0; + description: "File descriptor activity, open/close/whatnot" }, + { name: "verbose-packets"; type: "int"; default: 0; + description: "Hexdump packets on which probing is done" }, - { name: "verbose-probe-info"; type: "int"; default: 0; }, - { name: "verbose-probe-error"; type: "int"; default: 3; }, + { name: "verbose-probe-info"; type: "int"; default: 0; + description: "Trace the probe process" }, + { name: "verbose-probe-error"; type: "int"; default: 3; + description: "Failures and problems during probing" }, - { name: "verbose-system-error"; type: "int"; default: 3; }, - { name: "verbose-int-error"; type: "int"; default: 3; }, + { name: "verbose-system-error"; type: "int"; default: 3; + description: "System call failures" }, + { name: "verbose-int-error"; type: "int"; default: 3; + description: "Internal errors that should never happen" }, { name: "version"; type: "bool"; default: 
false; short: "V";