From 15f733e572f3ea460f0bf98867e87512f959b2fc Mon Sep 17 00:00:00 2001
From: yrutschle
Date: Sun, 10 Mar 2019 09:46:06 +0100
Subject: [PATCH] add tfo_ok configuration setting
---
 example.cfg | 19 +++++++++----------
 sslh-conf.c | 11 ++++++++++-
 sslh-conf.h | 3 ++-
 sslhconf.cfg | 6 ++++++
 4 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/example.cfg b/example.cfg
index 3a746d6..ffbc2ba 100644
--- a/example.cfg
+++ b/example.cfg
@@ -41,6 +41,7 @@ listen:
 # connection (default is off)
 # fork: Should a new process be forked for this protocol?
 # (only useful for sslh-select)
+# tfo_ok: Set to true if the server supports TCP FAST OPEN
 #
 # Probe-specific options:
 # (sslh will try each probe in order they are declared, and
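Review bot: The new `tfo_ok` comment in this hunk documents the precondition (the backend supports TCP Fast Open) but not what sslh does with the flag, and the diff never shows the consumer of `tfo_ok`, so an operator cannot tell what enabling it changes. If it makes sslh send the client's first bytes inside the TFO SYN (inferred from the name, not visible here), the comment should say so and carry the RFC 7413 caveat that SYN data can reach the backend more than once, e.g. `# tfo_ok: Set to true if the server supports TCP FAST OPEN and tolerates` followed by `#         the first client bytes being delivered more than once (RFC 7413)`. The wording also differs from the sslhconf.cfg description added in the same commit (`the server supports` vs `this protocol supports`); pick one so the generated help and the example agree.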
@@ -66,28 +67,26 @@ listen:
 protocols: (
- { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; keepalive: true; fork: true;
-listen: ( { host: "hello"; port: "xmpp" }, { host: "world";
-port: "dns" } ),
- },
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22";
+ keepalive: true; fork: true; tfo_ok: true },
 { name: "http"; host: "localhost"; port: "80"; },
 # match BOTH ALPN/SNI
- { name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0;},
+ { name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0; tfo_ok: true },
 # just match ALPN
- { name: "tls"; host: "localhost"; port: "443"; alpn_protocols: [ "h2", "http/1.1", "spdy/1", "spdy/2", "spdy/3" ]; log_level: 0; },
- { name: "tls"; host: "localhost"; port: "xmpp-client"; alpn_protocols: [ "xmpp-client" ]; log_level: 0;},
+ { name: "tls"; host: "localhost"; port: "443"; alpn_protocols: [ "h2", "http/1.1", "spdy/1", "spdy/2", "spdy/3" ]; log_level: 0; tfo_ok: true },
+ { name: "tls"; host: "localhost"; port: "xmpp-client"; alpn_protocols: [ "xmpp-client" ]; log_level: 0; tfo_ok: true },
 # just match SNI
- { name: "tls"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0; },
- { name: "tls"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; log_level: 0;},
+ { name: "tls"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0; tfo_ok: true },
+ { name: "tls"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; log_level: 0; tfo_ok: true },
 # Let's Encrypt (tls-sni-* challenges)
 { name: "tls"; host: "localhost"; port: "letsencrypt-client"; sni_hostnames: [ "*.*.acme.invalid" ]; log_level: 0;},
 # catch anything else TLS
- { name: "tls"; host: "localhost"; port: "443"; },
+ { name: "tls"; host: "localhost"; port: "443"; tfo_ok: true },
 # Regex examples -- better use the built-in probes for real-world use!
 # OpenVPN
diff --git a/sslh-conf.c b/sslh-conf.c
index 0fba913..08bf7ca 100644
--- a/sslh-conf.c
+++ b/sslh-conf.c
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sat Mar 9 12:35:49 2019. */
+ * on Sun Mar 10 09:37:57 2019. */
 #define _GNU_SOURCE
 #include
@@ -10,6 +10,7 @@ static void sslhcfg_protocols_init(struct sslhcfg_protocols_item* cfg)
 {
 memset(cfg, 0, sizeof(*cfg));
 cfg->fork = 0;
+ cfg->tfo_ok = 0;
 cfg->log_level = 1;
 cfg->keepalive = 0;
 }
@@ -94,6 +95,12 @@ static int sslhcfg_protocols_parser(
 return 0;
 } ;
 }
+ if (config_setting_lookup(cfg, "tfo_ok")) {
+ if (config_setting_lookup_bool(cfg, "tfo_ok", &sslhcfg_protocols->tfo_ok) == CONFIG_FALSE) {
+ *errmsg = "Parsing of option \"tfo_ok\" failed";
+ return 0;
+ } ;
+ }
 if (config_setting_lookup(cfg, "log_level")) {
 if (config_setting_lookup_int(cfg, "log_level", &sslhcfg_protocols->log_level) == CONFIG_FALSE) {
 *errmsg = "Parsing of option \"log_level\" failed";
@@ -358,6 +365,8 @@ static void sslhcfg_protocols_fprint(
 indent(out, depth);
 fprintf(out, "fork: %d\n", sslhcfg_protocols->fork);
 indent(out, depth);
+ fprintf(out, "tfo_ok: %d\n", sslhcfg_protocols->tfo_ok);
+ indent(out, depth);
 fprintf(out, "log_level: %d\n", sslhcfg_protocols->log_level);
 indent(out, depth);
 fprintf(out, "keepalive: %d\n", sslhcfg_protocols->keepalive);
diff --git a/sslh-conf.h b/sslh-conf.h
index 7391cdd..05477bd 100644
--- a/sslh-conf.h
+++ b/sslh-conf.h
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sat Mar 9 12:35:49 2019. */
+ * on Sun Mar 10 09:37:57 2019. */
 #ifndef C2S_SSLHCFG_H
 #define C2S_SSLHCFG_H
@@ -23,6 +23,7 @@ struct sslhcfg_protocols_item {
 int service_is_present;
 const char* service;
 int fork;
+ int tfo_ok;
 int log_level;
 int keepalive;
 size_t sni_hostnames_len;
diff --git a/sslhconf.cfg b/sslhconf.cfg
index 0c52c11..40ca38b 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@@ -66,6 +66,8 @@ config: {
 { name: "port"; type: "string"; var: true; },
 { name: "service"; type: "string"; optional: true; },
 { name: "fork"; type: "boolean"; default: false },
+ { name: "tfo_ok"; type: "boolean"; default: false;
+ description: "Set to true if this protocol supports TCP FAST OPEN" },
 { name: "log_level"; type: "int"; default: 1 },
 { name: "keepalive"; type: "boolean"; default: false },
 { name: "sni_hostnames",
@@ -119,6 +121,7 @@ cl_groups: (
 { path: "host"; value: "$1" },
 { path: "port"; value: "$2" },
 { path: "fork"; value: 1 }
+ { path: "tfo_ok"; value: 1 }
 );
 },
 { name: "tls"; pattern: "(\w+):(\w+)"; description: "Set up TLS/SSL target";
@@ -129,6 +132,7 @@ cl_groups: (
 { path: "name"; value: "tls" },
 { path: "host"; value: "$1" },
 { path: "port"; value: "$2" }
+ { path: "tfo_ok"; value: 1 }
 );
 },
 { name: "openvpn"; pattern: "(\w+):(\w+)"; description: "Set up OpenVPN target";
@@ -139,6 +143,7 @@ cl_groups: (
 { path: "name"; value: "openvpn" },
 { path: "host"; value: "$1" },
 { path: "port"; value: "$2" }
+ { path: "tfo_ok"; value: 1 }
 );
 },
 { name: "tinc"; pattern: "(\w+):(\w+)"; description: "Set up tinc target";
@@ -149,6 +154,7 @@ cl_groups: (
 { path: "name"; value: "openvpn" },
 { path: "host"; value: "$1" },
 { path: "port"; value: "$2" }
+ { path: "tfo_ok"; value: 1 }
 );
 },
 { name: "xmpp"; pattern: "(\w+):(\w+)"; description: "Set up XMPP target";
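Review bot: The added `{ path: "tfo_ok"; value: 1 }` in the -119 hunk follows `{ path: "fork"; value: 1 }` with no comma between the two list elements, unlike the comma-separated entries just above it; the hunks at -129, -139 and -149 repeat the pattern after `{ path: "port"; value: "$2" }`. Whether the conf2struct/libconfig parser tolerates a missing separator is not visible here, so the consistent form is `{ path: "fork"; value: 1 },` (and `{ path: "port"; value: "$2" },` in the other three). Separately, the option defaults to `false` in the -66 hunk, yet all four command-line groups force it to 1, so `--ssh`, `--tls`, `--openvpn` and `--tinc` users get the fast-open path without opting in; what happens when the backend does not support TFO depends on code outside this diff. If the difference between the config-file default and the command-line default is deliberate, a short comment next to the cl_groups entries should say so.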
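Review bot: The `tinc` group in the -149 hunk sets `{ path: "name"; value: "openvpn" }` on its context line, so `--tinc host:port` presumably configures an openvpn-named probe rather than a tinc one; this predates the commit, but the commit now also enables `tfo_ok` for that entry, so it is worth fixing together with `{ path: "name"; value: "tinc" },`. Hedged, since the probe names sslh accepts are not visible in this diff.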