From 63f9c4a582f79f4d0e484efe0ccaeed77a79f7df Mon Sep 17 00:00:00 2001
From: yrutschle <git1@rutschle.net>
Date: Wed, 4 Aug 2021 15:26:50 +0200
Subject: [PATCH] added syslog probe (fixes #34)

---
 ChangeLog    |  2 ++
 probe.c      | 15 +++++++++++++++
 sslh-conf.c  | 24 +++++++++++++++++++++++-
 sslh-conf.h  |  2 +-
 sslhconf.cfg | 11 +++++++++++
 t            |  1 +
 test.cfg     |  3 +--
 7 files changed, 54 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 513dbff..53333c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,8 @@ vNEXT:
 
 	Added probes for UDP protocols QUICK and Teamspeak.
 
+	Added probes for syslog protocol.
+
 	sslh-select refactored to change linear searches
 	through connections to linear searches through
 	fd_set.
diff --git a/probe.c b/probe.c
index 38b867c..28e58fe 100644
--- a/probe.c
+++ b/probe.c
@@ -40,6 +40,7 @@ static int is_adb_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_
 static int is_socks5_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_quick_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_teamspeak_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
+static int is_syslog_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_true(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto) { return 1; }
 
 /* Table of protocols that have a built-in probe
@@ -56,6 +57,7 @@ static struct protocol_probe_desc builtins[] = {
     { "socks5",     is_socks5_protocol },
     { "quick50",    is_quick_protocol },
     { "teamspeak",  is_teamspeak_protocol },
+    { "syslog",     is_syslog_protocol },
     { "anyprot",    is_true }
 };
 
@@ -311,6 +313,19 @@ static int is_teamspeak_protocol(const char *p, ssize_t len, struct sslhcfg_prot
     return memmem(p, len, "TS3INIT1", 8) ? 1 : 0;
 }
 
+static int is_syslog_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
+{
+    int res, i, j;
+
+    res = sscanf(p, "<%d>", &i);
+    if (res == 1) return 1;
+
+    res = sscanf(p, "%d <%d>", &i, &j);
+    if (res == 2) return 1;
+
+    return 0;
+}
+
 static int regex_probe(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
 {
 #ifdef ENABLE_REGEX
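Review bot: `is_syslog_protocol` never uses `len`: both `sscanf(p, ...)` calls scan until they meet a NUL, so unless the caller guarantees that `p` is NUL-terminated (not visible in this hunk) the probe can read past the bytes actually received from the peer. The match is also looser than it reads, because `sscanf` returns 1 (or 2) as soon as the last `%d` converts, before the closing `>` is checked. `%d` additionally accepts leading whitespace, a sign, and digit runs too long for an `int`. A length-bounded scan for an optional decimal count and space, then `<`, one to three digits (the syslog PRI field) and `>`, avoids both problems, as sketched below.

```c
static int is_syslog_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
{
    ssize_t i = 0, pri_start;

    /* Optional octet count followed by one space, e.g. "23 <42>..." */
    while (i < len && p[i] >= '0' && p[i] <= '9') i++;
    if (i > 0) {
        if (i >= len || p[i] != ' ') return 0;
        i++;
    }

    /* PRI: '<', one to three digits, '>' -- never look beyond len */
    if (i >= len || p[i] != '<') return 0;
    pri_start = ++i;
    while (i < len && i - pri_start < 3 && p[i] >= '0' && p[i] <= '9') i++;
    if (i == pri_start || i >= len || p[i] != '>') return 0;

    return 1;
}
```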
diff --git a/sslh-conf.c b/sslh-conf.c
index 86e1e6b..cf255a8 100644
--- a/sslh-conf.c
+++ b/sslh-conf.c
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Aug  1 21:58:56 2021. 
+ * on Wed Aug  4 09:40:03 2021. 
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
@@ -466,6 +466,7 @@ struct arg_file* sslhcfg_conffile;
  	struct arg_str* sslhcfg_socks5;
  	struct arg_str* sslhcfg_quick50;
  	struct arg_str* sslhcfg_teamspeak;
+ 	struct arg_str* sslhcfg_syslog;
  	struct arg_str* sslhcfg_anyprot;
  struct arg_end* sslhcfg_end;
 
@@ -1020,6 +1021,14 @@ static struct compound_cl_target sslhcfg_anyprot_targets [] = {
 	{ 0 }
 };
 
+static struct compound_cl_target sslhcfg_syslog_targets [] = {
+	{ & table_sslhcfg_protocols[0], 0, .value.def_string = "syslog" },
+	{ & table_sslhcfg_protocols[1], 1, .value.def_string = "0" },
+	{ & table_sslhcfg_protocols[2], 2, .value.def_string = "0" },
+	{ & table_sslhcfg_protocols[9], 0, .value.def_int = 1 },
+	{ 0 }
+};
+
 static struct compound_cl_target sslhcfg_teamspeak_targets [] = {
 	{ & table_sslhcfg_protocols[0], 0, .value.def_string = "teamspeak" },
 	{ & table_sslhcfg_protocols[1], 1, .value.def_string = "0" },
@@ -1246,6 +1255,18 @@ static struct compound_cl_arg compound_cl_args[] = {
             .override_const = "teamspeak",
         },
 
+        {   /* arg: syslog */
+            .regex =           "(.+):(\\w+)",
+            .arg_cl =          & sslhcfg_syslog,
+            .base_entry =      & table_sslhcfg [13],
+            .targets =         sslhcfg_syslog_targets,
+
+
+            .override_desc =   & table_sslhcfg_protocols [0],
+            .override_matchindex = 0,
+            .override_const = "syslog",
+        },
+
         {   /* arg: anyprot */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_anyprot,
@@ -1937,6 +1958,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg)
  	sslhcfg_socks5 = arg_strn(NULL, "socks5", "<host:port>", 0, 10, "Set up socks5 target"),
  	sslhcfg_quick50 = arg_strn(NULL, "quick50", "<host:port>", 0, 10, "Set up QUICK-50 target"),
  	sslhcfg_teamspeak = arg_strn(NULL, "teamspeak", "<host:port>", 0, 10, "Set up Teamspeak3 target"),
+ 	sslhcfg_syslog = arg_strn(NULL, "syslog", "<host:port>", 0, 10, "Set up syslog target"),
  	sslhcfg_anyprot = arg_strn(NULL, "anyprot", "<host:port>", 0, 10, "Set up default target"),
  	sslhcfg_end = arg_end(10)
 
diff --git a/sslh-conf.h b/sslh-conf.h
index 4219d21..c94c41d 100644
--- a/sslh-conf.h
+++ b/sslh-conf.h
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Aug  1 21:58:56 2021. 
+ * on Wed Aug  4 09:40:03 2021. 
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
diff --git a/sslhconf.cfg b/sslhconf.cfg
index efb8cde..6881b2d 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@@ -244,6 +244,17 @@ cl_groups: (
         { path: "log_level"; value: 1 }
         );
     },
+    { name: "syslog"; pattern: "(.+):(\w+)"; description: "Set up syslog target";
+        list: "protocols";
+        override: "name";
+        argdesc: "<host:port>";
+        targets: (
+        { path: "name"; value: "syslog" },
+        { path: "host"; value: "$1" },
+        { path: "port"; value: "$2" },
+        { path: "log_level"; value: 1 }
+        );
+    },
     { name: "anyprot"; pattern: "(.+):(\w+)"; description: "Set up default target";
         list: "protocols";
         override: "name";
diff --git a/t b/t
index 0f85dc3..7f8185c 100755
--- a/t
+++ b/t
@@ -137,6 +137,7 @@ sub test_probes {
                 data => "\x16\x03\x01\x00\xab\x01\x00\x00\xa7\x03\x03\x89\x22\x33\x95\x43\x7a\xc3\x89\x45\x51\x12\x3c\x28\x24\x1b\x6a\x78\xbf\xbe\x95\xd8\x90\x58\xd7\x65\xf7\xbb\x2d\xb2\x8d\xa0\x75\x00\x00\x38\xc0\x2c\xc0\x30\x00\x9f\xcc\xa9\xcc\xa8\xcc\xaa\xc0\x2b\xc0\x2f\x00\x9e\xc0\x24\xc0\x28\x00\x6b\xc0\x23\xc0\x27\x00\x67\xc0\x0a\xc0\x14\x00\x39\xc0\x09\xc0\x13\x00\x33\x00\x9d\x00\x9c\x00\x3d\x00\x3c\x00\x35\x00\x2f\x00\xff\x01\x00\x00\x46\x00\x0b\x00\x04\x03\x00\x01\x02\x00\x0a\x00\x0a\x00\x08\x00\x1d\x00\x17\x00\x19\x00\x18\x00\x23\x00\x00\x00\x0d\x00\x20\x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x16\x00\x00\x00\x17\x00\x00hello tls alone"
             },
             'openvpn' => { data => "\x00\x00" },
+            'syslog' => { data => "<42> My syslog message" },
             'tinc' => { data => "0 hello" },
             'xmpp' => {data => "I should get a real jabber connection initialisation here" },
             'adb' => { data => "CNXN....................host:..." },
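Review bot: The new `'syslog'` sample covers only the bare `<PRI>` form, so the probe's second branch (`"%d <%d>"`, a decimal count before the priority) is never exercised by the test suite. If `test_probes` can take more than one sample per protocol (its body lies outside this hunk), add a framed sample such as `"22 <42> My syslog message"` (constructed example). A near-miss input that must not be routed to the syslog target, for example one missing the closing `>`, would also pin down how strict the probe is meant to be.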
diff --git a/test.cfg b/test.cfg
index 5fa4189..7dd66ea 100644
--- a/test.cfg
+++ b/test.cfg
@@ -31,8 +31,7 @@ protocols:
      { name: "openvpn";  host: "localhost"; port: "9004"; },
      { name: "xmpp";  host: "localhost"; port: "9009"; },
      { name: "adb";  host: "localhost"; port: "9010"; },
-     { name: "quick50"; host: "localhost"; is_udp: true; port: "9011"; },
-     { name: "teamspeak"; host: "localhost"; is_udp: true; port: "9012"; },
+     { name: "syslog"; host: "localhost"; port: "9013"; },
      { name: "regex"; host: "ip4-localhost"; is_udp: true; port: "9020";
          udp_timeout: 30;
          regex_patterns: [ "^foo" ];