From 135358b063d9a792d9b8d2e856b4b6f317f8659f Mon Sep 17 00:00:00 2001
From: Fabian Dellwing
Date: Mon, 11 Nov 2024 20:43:16 +0100
Subject: [PATCH] Add configuration parameter that allows to skip discovering interfaces

This adds a new configuration parameter that allows the user to completly skip calling `is_same_machine` which is very expensive once the machine has a critical mass of interfaces. This comes with the downside of having to do more work in setting up potential unnecessary binds.
---
 common.c | 2 +-
 echosrv-conf.c | 2 +-
 echosrv-conf.h | 2 +-
 example.cfg | 6 ++++++
 sslh-conf.c | 53 +++++++++++++++++++++++++++++++++++---------------
 sslh-conf.h | 3 ++-
 sslhconf.cfg | 3 +++
 7 files changed, 51 insertions(+), 20 deletions(-)
diff --git a/common.c b/common.c
index 2eebda2..ea3de88 100644
--- a/common.c
+++ b/common.c
@@ -265,7 +265,7 @@ int bind_peer(int fd, int fd_from)
 CHECK_RES_RETURN(res, "getpeername", res);
 
 /* if the destination is the same machine, there's no need to do bind */
- if (is_same_machine(&from))
+ if (!cfg.no_discover_interfaces && is_same_machine(&from))
 return 0;
 
 #ifndef IP_BINDANY /* use IP_TRANSPARENT */
diff --git a/echosrv-conf.c b/echosrv-conf.c
index 1f3a1b2..de5defd 100644
--- a/echosrv-conf.c
+++ b/echosrv-conf.c
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Sep 8 23:10:29 2024.
+ * on Mon Nov 11 20:36:23 2024.
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2024 Yves Rutschle
diff --git a/echosrv-conf.h b/echosrv-conf.h
index 4cec9a5..214a827 100644
--- a/echosrv-conf.h
+++ b/echosrv-conf.h
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Sep 8 23:10:29 2024.
+ * on Mon Nov 11 20:36:23 2024.
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2024 Yves Rutschle
diff --git a/example.cfg b/example.cfg
index fe2f3ab..31428b6 100644
--- a/example.cfg
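Review bot: The comment above the changed condition still says the same-machine shortcut makes a bind unnecessary, but once `no_discover_interfaces` is set the check is never run and a connection originating on this host no longer returns 0 here; it falls through to the bind code below the hunk exactly like a remote peer. The comment should say so, e.g. `/* if the destination is the same machine, there's no need to bind; with no_discover_interfaces the (expensive) check is skipped and every peer is bound */`. If the remainder of bind_peer binds the outgoing socket to the peer's own address, a local client could then hit a bind failure or have its return traffic routed unexpectedly; that consequence is inferred from the function name rather than visible in this hunk, so at minimum the option's documentation should warn that local clients are treated as remote when it is on. bind_peer begins before and continues past this hunk.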
+++ b/example.cfg @@ -47,6 +47,12 @@ udp_max_connections: 16; # "none" disables use of syslog syslog_facility: "auth"; +# Disable discovering of local interfaces (useful if you +# have a lot of interfaces and don't want to spend time +# probing them all) +# Default is false +#no-discover-interfaces: true; + # List of interfaces on which we should listen # Options: listen: diff --git a/sslh-conf.c b/sslh-conf.c index 70274a0..1d07e21 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 8 23:10:29 2024. + * on Mon Nov 11 20:36:23 2024. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2024 Yves Rutschle @@ -483,6 +483,7 @@ struct arg_file* sslhcfg_conffile; struct arg_str* sslhcfg_syslog_facility; struct arg_str* sslhcfg_logfile; struct arg_str* sslhcfg_on_timeout; + struct arg_lit* sslhcfg_no_discover_interfaces; struct arg_str* sslhcfg_prefix; struct arg_str* sslhcfg_listen; struct arg_str* sslhcfg_ssh; @@ -830,7 +831,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { @@ -1234,6 +1235,22 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_string = "ssh" }, + { + /* name */ "no_discover_interfaces", + /* type */ CFG_BOOL, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_no_discover_interfaces, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, no_discover_interfaces), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_bool = 0 + }, + { /* name */ "prefix", /* type */ CFG_STRING, 
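Review bot: The commented example key `no-discover-interfaces` is spelled with hyphens, while the neighbouring keys in this file (`udp_max_connections`, `syslog_facility`) and the table entry this commit adds to sslh-conf.c (`"no_discover_interfaces"`) use underscores; unless the generated parser maps hyphens to underscores, uncommenting the line as written would silently not enable the option, so I would write it as `#no_discover_interfaces: true;` and confirm which spelling libconfig actually resolves. The comment also mentions only the probing cost and should state the trade-off the commit message gives, e.g. add `# Note: every connection is then set up with a bind as if it came from a remote host`. Whether that only matters in transparent mode is not visible from this hunk and should be checked against bind_peer's caller before the wording is finalised.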
@@ -1404,7 +1421,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [26], + .base_entry = & table_sslhcfg [27], .targets = sslhcfg_listen_targets, @@ -1416,7 +1433,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_ssh_targets, @@ -1428,7 +1445,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_tls_targets, @@ -1440,7 +1457,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssl */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssl, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_ssl_targets, @@ -1452,7 +1469,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_openvpn_targets, @@ -1464,7 +1481,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_tinc_targets, @@ -1476,7 +1493,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: wireguard */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_wireguard, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_wireguard_targets, 
@@ -1488,7 +1505,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_xmpp_targets, @@ -1500,7 +1517,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_http_targets, @@ -1512,7 +1529,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_adb_targets, @@ -1524,7 +1541,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_socks5_targets, @@ -1536,7 +1553,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_syslog_targets, @@ -1548,7 +1565,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: msrdp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_msrdp, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_msrdp_targets, @@ -1560,7 +1577,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [27], + .base_entry = & table_sslhcfg [28], .targets = sslhcfg_anyprot_targets, 
@@ -2250,6 +2267,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) sslhcfg_syslog_facility = arg_strn(NULL, "syslog-facility", "", 0, 1, "Facility to syslog to"), sslhcfg_logfile = arg_strn(NULL, "logfile", "", 0, 1, "Log messages to a file"), sslhcfg_on_timeout = arg_strn(NULL, "on-timeout", "", 0, 1, "Target to connect to when timing out"), + sslhcfg_no_discover_interfaces = arg_litn(NULL, "no-discover-interfaces", 0, 1, "Do not discover interfaces"), sslhcfg_prefix = arg_strn(NULL, "prefix", "", 0, 1, "Reserved for testing"), sslhcfg_listen = arg_strn("p", "listen", "", 0, 10, "Listen on host:port"), sslhcfg_ssh = arg_strn(NULL, "ssh", "", 0, 10, "Set up ssh target"), @@ -2504,6 +2522,9 @@ void sslhcfg_fprint( fprintf(out, "on_timeout: %s", sslhcfg->on_timeout); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "no_discover_interfaces: %d", sslhcfg->no_discover_interfaces); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "prefix: %s", sslhcfg->prefix); fprintf(out, "\n"); diff --git a/sslh-conf.h b/sslh-conf.h index 62c1e84..78b7959 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 8 23:10:29 2024. + * on Mon Nov 11 20:36:23 2024. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2024 Yves Rutschle @@ -105,6 +105,7 @@ struct sslhcfg_item { int logfile_is_present; char* logfile; char* on_timeout; + int no_discover_interfaces; char* prefix; size_t listen_len; struct sslhcfg_listen_item* listen; diff --git a/sslhconf.cfg b/sslhconf.cfg index e64b49f..0df1b1e 100644 --- a/sslhconf.cfg +++ b/sslhconf.cfg 
@@ -89,6 +89,9 @@ config: {
 { name: "on-timeout"; type: "string"; default: "ssh";
 description: "Target to connect to when timing out"; },
 
+ { name: "no-discover-interfaces"; type: "bool"; default: false;
+ description: "Do not discover interfaces"; },
+
 { name: "prefix"; type: "string"; default: ""; description: "Reserved for testing" },
 # For echosrv only, not sslh
 { name: "listen",
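Review bot: The description `Do not discover interfaces` becomes the `--no-discover-interfaces` help text (the arg_litn call generated in sslh-conf.c in this commit uses it verbatim) and tells the operator nothing about the effect, which from the common.c hunk is that the is_same_machine check is skipped and every connection, including one from this host, goes on to the bind path. I would make the definition carry that, e.g. `description: "Skip local interface discovery (is_same_machine); every peer is then bound as if remote";`, so the regenerated help and config printout explain the trade-off instead of just naming the switch. The exact wording of the bind consequence should be confirmed against the part of bind_peer that lies outside the diff.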