added syslog probe (fixes #34)

2025-04-08 05:10:05 +03:00 · 2021-08-04 15:26:50 +02:00 · 2021-08-04 15:26:50 +02:00 · 63f9c4a582
commit 63f9c4a582
parent 0e45107797
7 changed files with 54 additions and 4 deletions
--- a/2
+++ b/2
@ -19,6 +19,8 @@ vNEXT:

 	Added probes for UDP protocols QUICK and Teamspeak.

+	Added probes for syslog protocol.
+
 	sslh-select refactored to change linear searches
 	through connections to linear searches through
 	fd_set.
--- a/probe.c
+++ b/probe.c
@ -40,6 +40,7 @@ static int is_adb_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_
 static int is_socks5_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_quick_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_teamspeak_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
+static int is_syslog_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_true(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto) { return 1; }

 /* Table of protocols that have a built-in probe
@ -56,6 +57,7 @@ static struct protocol_probe_desc builtins[] = {
    { "socks5",     is_socks5_protocol },
    { "quick50",    is_quick_protocol },
    { "teamspeak",  is_teamspeak_protocol },
+    { "syslog",     is_syslog_protocol },
    { "anyprot",    is_true }
 };

@ -311,6 +313,19 @@ static int is_teamspeak_protocol(const char *p, ssize_t len, struct sslhcfg_prot
    return memmem(p, len, "TS3INIT1", 8) ? 1 : 0;
 }

+static int is_syslog_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
+{
+    int res, i, j;
+
+    res = sscanf(p, "<%d>", &i);
+    if (res == 1) return 1;
+
+    res = sscanf(p, "%d <%d>", &i, &j);
+    if (res == 2) return 1;
+
+    return 0;
+}
+
 static int regex_probe(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
 {
 #ifdef ENABLE_REGEX
--- a/sslh-conf.c
+++ b/sslh-conf.c
@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Aug  1 21:58:56 2021. 
+ * on Wed Aug  4 09:40:03 2021. 

 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
@ -466,6 +466,7 @@ struct arg_file* sslhcfg_conffile;
 	struct arg_str* sslhcfg_socks5;
 	struct arg_str* sslhcfg_quick50;
 	struct arg_str* sslhcfg_teamspeak;
+ 	struct arg_str* sslhcfg_syslog;
 	struct arg_str* sslhcfg_anyprot;
 struct arg_end* sslhcfg_end;

@ -1020,6 +1021,14 @@ static struct compound_cl_target sslhcfg_anyprot_targets [] = {
 	{ 0 }
 };

+static struct compound_cl_target sslhcfg_syslog_targets [] = {
+	{ & table_sslhcfg_protocols[0], 0, .value.def_string = "syslog" },
+	{ & table_sslhcfg_protocols[1], 1, .value.def_string = "0" },
+	{ & table_sslhcfg_protocols[2], 2, .value.def_string = "0" },
+	{ & table_sslhcfg_protocols[9], 0, .value.def_int = 1 },
+	{ 0 }
+};
+
 static struct compound_cl_target sslhcfg_teamspeak_targets [] = {
 	{ & table_sslhcfg_protocols[0], 0, .value.def_string = "teamspeak" },
 	{ & table_sslhcfg_protocols[1], 1, .value.def_string = "0" },
@ -1246,6 +1255,18 @@ static struct compound_cl_arg compound_cl_args[] = {
            .override_const = "teamspeak",
        },

+        {   /* arg: syslog */
+            .regex =           "(.+):(\\w+)",
+            .arg_cl =          & sslhcfg_syslog,
+            .base_entry =      & table_sslhcfg [13],
+            .targets =         sslhcfg_syslog_targets,
+
+
+            .override_desc =   & table_sslhcfg_protocols [0],
+            .override_matchindex = 0,
+            .override_const = "syslog",
+        },
+
        {   /* arg: anyprot */
            .regex =           "(.+):(\\w+)",
            .arg_cl =          & sslhcfg_anyprot,
@ -1937,6 +1958,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg)
 	sslhcfg_socks5 = arg_strn(NULL, "socks5", "<host:port>", 0, 10, "Set up socks5 target"),
 	sslhcfg_quick50 = arg_strn(NULL, "quick50", "<host:port>", 0, 10, "Set up QUICK-50 target"),
 	sslhcfg_teamspeak = arg_strn(NULL, "teamspeak", "<host:port>", 0, 10, "Set up Teamspeak3 target"),
+ 	sslhcfg_syslog = arg_strn(NULL, "syslog", "<host:port>", 0, 10, "Set up syslog target"),
 	sslhcfg_anyprot = arg_strn(NULL, "anyprot", "<host:port>", 0, 10, "Set up default target"),
 	sslhcfg_end = arg_end(10)

--- a/sslh-conf.h
+++ b/sslh-conf.h
@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Aug  1 21:58:56 2021. 
+ * on Wed Aug  4 09:40:03 2021. 

 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@ -244,6 +244,17 @@ cl_groups: (
        { path: "log_level"; value: 1 }
        );
    },
+    { name: "syslog"; pattern: "(.+):(\w+)"; description: "Set up syslog target";
+        list: "protocols";
+        override: "name";
+        argdesc: "<host:port>";
+        targets: (
+        { path: "name"; value: "syslog" },
+        { path: "host"; value: "$1" },
+        { path: "port"; value: "$2" },
+        { path: "log_level"; value: 1 }
+        );
+    },
    { name: "anyprot"; pattern: "(.+):(\w+)"; description: "Set up default target";
        list: "protocols";
        override: "name";
--- a/1
+++ b/1
@ -137,6 +137,7 @@ sub test_probes {
                data => "\x16\x03\x01\x00\xab\x01\x00\x00\xa7\x03\x03\x89\x22\x33\x95\x43\x7a\xc3\x89\x45\x51\x12\x3c\x28\x24\x1b\x6a\x78\xbf\xbe\x95\xd8\x90\x58\xd7\x65\xf7\xbb\x2d\xb2\x8d\xa0\x75\x00\x00\x38\xc0\x2c\xc0\x30\x00\x9f\xcc\xa9\xcc\xa8\xcc\xaa\xc0\x2b\xc0\x2f\x00\x9e\xc0\x24\xc0\x28\x00\x6b\xc0\x23\xc0\x27\x00\x67\xc0\x0a\xc0\x14\x00\x39\xc0\x09\xc0\x13\x00\x33\x00\x9d\x00\x9c\x00\x3d\x00\x3c\x00\x35\x00\x2f\x00\xff\x01\x00\x00\x46\x00\x0b\x00\x04\x03\x00\x01\x02\x00\x0a\x00\x0a\x00\x08\x00\x1d\x00\x17\x00\x19\x00\x18\x00\x23\x00\x00\x00\x0d\x00\x20\x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x16\x00\x00\x00\x17\x00\x00hello tls alone"
            },
            'openvpn' => { data => "\x00\x00" },
+            'syslog' => { data => "<42> My syslog message" },
            'tinc' => { data => "0 hello" },
            'xmpp' => {data => "I should get a real jabber connection initialisation here" },
            'adb' => { data => "CNXN....................host:..." },
--- a/test.cfg
+++ b/test.cfg
@ -31,8 +31,7 @@ protocols:
     { name: "openvpn";  host: "localhost"; port: "9004"; },
     { name: "xmpp";  host: "localhost"; port: "9009"; },
     { name: "adb";  host: "localhost"; port: "9010"; },
-     { name: "quick50"; host: "localhost"; is_udp: true; port: "9011"; },
-     { name: "teamspeak"; host: "localhost"; is_udp: true; port: "9012"; },
+     { name: "syslog"; host: "localhost"; port: "9013"; },
     { name: "regex"; host: "ip4-localhost"; is_udp: true; port: "9020";
         udp_timeout: 30;
         regex_patterns: [ "^foo" ];