add tfo_ok configuration setting

yrutschle 2019-03-10 09:46:06 +01:00
parent ff91f94315
commit 15f733e572
4 changed files with 27 additions and 12 deletions


@ -41,6 +41,7 @@ listen:
# connection (default is off)
# fork: Should a new process be forked for this protocol?
# (only useful for sslh-select)
# tfo_ok: Set to true if the server supports TCP FAST OPEN
#
# Probe-specific options:
# (sslh will try each probe in order they are declared, and
@ -66,28 +67,26 @@ listen:
protocols:
(
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; keepalive: true; fork: true;
listen: ( { host: "hello"; port: "xmpp" }, { host: "world";
port: "dns" } ),
},
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22";
keepalive: true; fork: true; tfo_ok: true },
{ name: "http"; host: "localhost"; port: "80"; },
# match BOTH ALPN/SNI
{ name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0;},
{ name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0; tfo_ok: true },
# just match ALPN
{ name: "tls"; host: "localhost"; port: "443"; alpn_protocols: [ "h2", "http/1.1", "spdy/1", "spdy/2", "spdy/3" ]; log_level: 0; },
{ name: "tls"; host: "localhost"; port: "xmpp-client"; alpn_protocols: [ "xmpp-client" ]; log_level: 0;},
{ name: "tls"; host: "localhost"; port: "443"; alpn_protocols: [ "h2", "http/1.1", "spdy/1", "spdy/2", "spdy/3" ]; log_level: 0; tfo_ok: true },
{ name: "tls"; host: "localhost"; port: "xmpp-client"; alpn_protocols: [ "xmpp-client" ]; log_level: 0; tfo_ok: true },
# just match SNI
{ name: "tls"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0; },
{ name: "tls"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; log_level: 0;},
{ name: "tls"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0; tfo_ok: true },
{ name: "tls"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; log_level: 0; tfo_ok: true },
# Let's Encrypt (tls-sni-* challenges)
{ name: "tls"; host: "localhost"; port: "letsencrypt-client"; sni_hostnames: [ "*.*.acme.invalid" ]; log_level: 0;},
# catch anything else TLS
{ name: "tls"; host: "localhost"; port: "443"; },
{ name: "tls"; host: "localhost"; port: "443"; tfo_ok: true },
# Regex examples -- better use the built-in probes for real-world use!
# OpenVPN
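Review bot: The new option comment `# tfo_ok: Set to true if the server supports TCP FAST OPEN` says when to set the flag but not what it changes or what it costs, which is the part an operator needs before copying the example. Presumably the flag lets sslh open the backend connection with TCP Fast Open and carry the already-probed first bytes in the SYN; TFO data can be delivered to the server more than once (a retransmitted SYN can be accepted as a fresh connection), so the backend protocol has to tolerate a replayed opening segment. Suggest `# tfo_ok: Set to true if the backend accepts TCP Fast Open. sslh may then send the first bytes in the SYN; TFO can deliver them twice, so only enable it for protocols whose opening bytes are safe to replay (TLS ClientHello, SSH banner).` The example turns it on for every ssh and tls entry except the Let's Encrypt one at `port: "letsencrypt-client"` and leaves it off for the http entry; if those omissions are deliberate, a short comment saying why (backend without TFO, or first bytes not replay-safe) would stop readers from treating `tfo_ok: true` as a default to paste everywhere.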


@ -1,5 +1,5 @@
/* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
* on Sat Mar 9 12:35:49 2019. */
* on Sun Mar 10 09:37:57 2019. */
#define _GNU_SOURCE
#include <string.h>
@ -10,6 +10,7 @@
static void sslhcfg_protocols_init(struct sslhcfg_protocols_item* cfg) {
memset(cfg, 0, sizeof(*cfg));
cfg->fork = 0;
cfg->tfo_ok = 0;
cfg->log_level = 1;
cfg->keepalive = 0;
}
@ -94,6 +95,12 @@ static int sslhcfg_protocols_parser(
return 0;
} ;
}
if (config_setting_lookup(cfg, "tfo_ok")) {
if (config_setting_lookup_bool(cfg, "tfo_ok", &sslhcfg_protocols->tfo_ok) == CONFIG_FALSE) {
*errmsg = "Parsing of option \"tfo_ok\" failed";
return 0;
} ;
}
if (config_setting_lookup(cfg, "log_level")) {
if (config_setting_lookup_int(cfg, "log_level", &sslhcfg_protocols->log_level) == CONFIG_FALSE) {
*errmsg = "Parsing of option \"log_level\" failed";
@ -358,6 +365,8 @@ static void sslhcfg_protocols_fprint(
indent(out, depth);
fprintf(out, "fork: %d\n", sslhcfg_protocols->fork);
indent(out, depth);
fprintf(out, "tfo_ok: %d\n", sslhcfg_protocols->tfo_ok);
indent(out, depth);
fprintf(out, "log_level: %d\n", sslhcfg_protocols->log_level);
indent(out, depth);
fprintf(out, "keepalive: %d\n", sslhcfg_protocols->keepalive);


@ -1,5 +1,5 @@
/* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
* on Sat Mar 9 12:35:49 2019. */
* on Sun Mar 10 09:37:57 2019. */
#ifndef C2S_SSLHCFG_H
#define C2S_SSLHCFG_H
@ -23,6 +23,7 @@ struct sslhcfg_protocols_item {
int service_is_present;
const char* service;
int fork;
int tfo_ok;
int log_level;
int keepalive;
size_t sni_hostnames_len;


@ -66,6 +66,8 @@ config: {
{ name: "port"; type: "string"; var: true; },
{ name: "service"; type: "string"; optional: true; },
{ name: "fork"; type: "boolean"; default: false },
{ name: "tfo_ok"; type: "boolean"; default: false;
description: "Set to true if this protocol supports TCP FAST OPEN" },
{ name: "log_level"; type: "int"; default: 1 },
{ name: "keepalive"; type: "boolean"; default: false },
{ name: "sni_hostnames",
@ -119,6 +121,7 @@ cl_groups: (
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" },
{ path: "fork"; value: 1 }
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "tls"; pattern: "(\w+):(\w+)"; description: "Set up TLS/SSL target";
@ -129,6 +132,7 @@ cl_groups: (
{ path: "name"; value: "tls" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "openvpn"; pattern: "(\w+):(\w+)"; description: "Set up OpenVPN target";
@ -139,6 +143,7 @@ cl_groups: (
{ path: "name"; value: "openvpn" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "tinc"; pattern: "(\w+):(\w+)"; description: "Set up tinc target";
@ -149,6 +154,7 @@ cl_groups: (
{ path: "name"; value: "openvpn" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "xmpp"; pattern: "(\w+):(\w+)"; description: "Set up XMPP target";
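Review bot: The command-line groups for ssh, tls, openvpn and tinc each hard-code `{ path: "tfo_ok"; value: 1 }`, so anyone configuring sslh from the command line gets TCP Fast Open forced on for those backends with no way to switch it off, while the config-file default declared in the same commit is `false` and its description says to set it only if the backend supports it. If, as the name suggests, the flag makes sslh send the probed first bytes in the SYN to the backend, that opt-in matters: TFO may deliver SYN data more than once, which is harmless for a TLS ClientHello or an SSH banner but is not a property every OpenVPN or tinc deployment has been checked for, and the shortcut gives the operator no knob either way. Either drop the overrides so the `false` default applies unless the config file enables it, or document in the group description that the shortcut implies TFO. The description could also say what the flag does rather than only when to set it, e.g. `description: "Set to true if the backend for this protocol accepts TCP Fast Open (first bytes may be sent in the SYN and delivered more than once)"`. Unrelated to the new lines but in the group this commit touches, the tinc shortcut still sets `{ path: "name"; value: "openvpn" }`, which looks like a copy-paste leftover from the openvpn group rather than intent.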