migrate tls.c and probe.c to new log system

This commit is contained in:
yrutschle 2021-09-26 16:55:31 +02:00
parent e6cbbe9511
commit 6ea7d48f86
7 changed files with 88 additions and 24 deletions

log.c

@ -80,6 +80,18 @@ msg_info msg_connections_error = {
};
/* comment the probing process */
msg_info msg_probe_info = {
LOG_INFO,
&cfg.verbose_probe_info
};
/* probing errors, e.g. inconsistent data in connections */
msg_info msg_probe_error = {
LOG_ERR,
&cfg.verbose_probe_error
};
/* Bitmasks in verbose-* values */

log.h

@ -26,4 +26,7 @@ extern msg_info msg_connections_try;
extern msg_info msg_connections_error;
extern msg_info msg_connections;
extern msg_info msg_probe_info;
extern msg_info msg_probe_error;
#endif /* LOG_H */


@ -334,7 +334,7 @@ static int regex_probe(const char *p, ssize_t len, struct sslhcfg_protocols_item
return 0;
#else
/* Should never happen as we check when loading config file */
fprintf(stderr, "FATAL: regex probe called but not built in\n");
print_message(msg_int_error, "FATAL: regex probe called but not built in\n");
exit(5);
#endif
}
@ -362,20 +362,21 @@ int probe_buffer(char* buf, int len, struct sslhcfg_protocols_item** proto)
if (! p->probe) continue;
if (cfg.verbose) fprintf(stderr, "probing for %s\n", p->name);
print_message(msg_probe_info, "probing for %s\n", p->name);
/* Don't probe last protocol if it is anyprot (and store last protocol) */
if ((i == cfg.protocols_len - 1) && (!strcmp(p->name, "anyprot")))
break;
if (p->minlength_is_present && (len < p->minlength )) {
fprintf(stderr, "input too short, %d bytes but need %d\n", len , p->minlength);
print_message(msg_probe_info, "input too short, %d bytes but need %d\n",
len , p->minlength);
again++;
continue;
}
res = p->probe(buf, len, p);
if (cfg.verbose) fprintf(stderr, "probed for %s: %s\n", p->name, probe_str[res]);
print_message(msg_probe_info, "probed for %s: %s\n", p->name, probe_str[res]);
if (res == PROBE_MATCH) {
*proto = p;
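Review bot: The `FATAL: regex probe called but not built in` message in regex_probe is now routed through `print_message(msg_int_error, ...)` immediately before `exit(5)`; if print_message honours the per-message verbosity pointer the way the log.c entries (`&cfg.verbose_*`) suggest, an operator who lowers `verbose-int-error` gets a silent exit with status 5. A message that precedes exit() should not depend on a verbosity knob, so I would keep an unconditional `fprintf(stderr, "FATAL: regex probe called but not built in\n");` alongside the print_message call, or give log.c a non-suppressible level for fatal errors. The probe_buffer hunk also changes behaviour rather than only migrating: `input too short` was previously printed unconditionally and is now gated by msg_probe_info, so with `verbose-probe-info` at its default of 0 (per the config schema in this commit) it no longer appears — worth a line in the commit message. Both regex_probe and probe_buffer start and end outside these hunks.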


@ -1,5 +1,5 @@
/* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
* on Sun Sep 26 15:51:02 2021.
* on Sun Sep 26 16:54:06 2021.
# conf2struct: generate libconf parsers that read to structs
# Copyright (C) 2018-2021 Yves Rutschle
@ -450,6 +450,8 @@ struct arg_file* sslhcfg_conffile;
struct arg_int* sslhcfg_verbose_connections_error;
struct arg_int* sslhcfg_verbose_fd;
struct arg_int* sslhcfg_verbose_packets;
struct arg_int* sslhcfg_verbose_probe_info;
struct arg_int* sslhcfg_verbose_probe_error;
struct arg_int* sslhcfg_verbose_system_error;
struct arg_int* sslhcfg_verbose_int_error;
struct arg_int* sslhcfg_verbose;
@ -792,7 +794,7 @@ static struct config_desc table_sslhcfg_listen[] = {
},
{ 0 }
};
static struct config_desc table_sslhcfg[] = {
@ -908,6 +910,38 @@ static struct config_desc table_sslhcfg[] = {
/* default_val*/ .default_val.def_int = 0
},
{
/* name */ "verbose_probe_info",
/* type */ CFG_INT,
/* sub_group*/ NULL,
/* arg_cl */ & sslhcfg_verbose_probe_info,
/* base_addr */ NULL,
/* offset */ offsetof(struct sslhcfg_item, verbose_probe_info),
/* offset_len */ 0,
/* offset_present */ 0,
/* size */ sizeof(int),
/* array_type */ -1,
/* mandatory */ 0,
/* optional */ 0,
/* default_val*/ .default_val.def_int = 0
},
{
/* name */ "verbose_probe_error",
/* type */ CFG_INT,
/* sub_group*/ NULL,
/* arg_cl */ & sslhcfg_verbose_probe_error,
/* base_addr */ NULL,
/* offset */ offsetof(struct sslhcfg_item, verbose_probe_error),
/* offset_len */ 0,
/* offset_present */ 0,
/* size */ sizeof(int),
/* array_type */ -1,
/* mandatory */ 0,
/* optional */ 0,
/* default_val*/ .default_val.def_int = 3
},
{
/* name */ "verbose_system_error",
/* type */ CFG_INT,
@ -1276,7 +1310,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: listen */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_listen,
.base_entry = & table_sslhcfg [22],
.base_entry = & table_sslhcfg [24],
.targets = sslhcfg_listen_targets,
@ -1288,7 +1322,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: ssh */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_ssh,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_ssh_targets,
@ -1300,7 +1334,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: tls */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_tls,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_tls_targets,
@ -1312,7 +1346,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: openvpn */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_openvpn,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_openvpn_targets,
@ -1324,7 +1358,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: tinc */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_tinc,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_tinc_targets,
@ -1336,7 +1370,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: xmpp */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_xmpp,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_xmpp_targets,
@ -1348,7 +1382,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: http */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_http,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_http_targets,
@ -1360,7 +1394,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: adb */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_adb,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_adb_targets,
@ -1372,7 +1406,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: socks5 */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_socks5,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_socks5_targets,
@ -1384,7 +1418,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: syslog */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_syslog,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_syslog_targets,
@ -1396,7 +1430,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: anyprot */
.regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_anyprot,
.base_entry = & table_sslhcfg [23],
.base_entry = & table_sslhcfg [25],
.targets = sslhcfg_anyprot_targets,
@ -2068,6 +2102,8 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg)
sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "<n>", 0, 1, ""),
sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "<n>", 0, 1, ""),
sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "<n>", 0, 1, ""),
sslhcfg_verbose_probe_info = arg_intn(NULL, "verbose-probe-info", "<n>", 0, 1, ""),
sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "<n>", 0, 1, ""),
sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "<n>", 0, 1, ""),
sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "<n>", 0, 1, ""),
sslhcfg_verbose = arg_intn("v", "verbose", "<n>", 0, 1, ""),
@ -2260,6 +2296,12 @@ void sslhcfg_fprint(
fprintf(out, "verbose_packets: %d", sslhcfg->verbose_packets);
fprintf(out, "\n");
indent(out, depth);
fprintf(out, "verbose_probe_info: %d", sslhcfg->verbose_probe_info);
fprintf(out, "\n");
indent(out, depth);
fprintf(out, "verbose_probe_error: %d", sslhcfg->verbose_probe_error);
fprintf(out, "\n");
indent(out, depth);
fprintf(out, "verbose_system_error: %d", sslhcfg->verbose_system_error);
fprintf(out, "\n");
indent(out, depth);


@ -1,5 +1,5 @@
/* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
* on Sun Sep 26 15:51:02 2021.
* on Sun Sep 26 16:54:06 2021.
# conf2struct: generate libconf parsers that read to structs
# Copyright (C) 2018-2021 Yves Rutschle
@ -81,6 +81,8 @@ struct sslhcfg_item {
int verbose_connections_error;
int verbose_fd;
int verbose_packets;
int verbose_probe_info;
int verbose_probe_error;
int verbose_system_error;
int verbose_int_error;
int verbose;


@ -33,6 +33,9 @@ config: {
{ name: "verbose-fd"; type: "int"; default: 0; },
{ name: "verbose-packets"; type: "int"; default: 0; },
{ name: "verbose-probe-info"; type: "int"; default: 0; },
{ name: "verbose-probe-error"; type: "int"; default: 3; },
{ name: "verbose-system-error"; type: "int"; default: 3; },
{ name: "verbose-int-error"; type: "int"; default: 3; },
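Review bot: The new `verbose-probe-info` and `verbose-probe-error` options get no user-facing description in this commit; the schema entries here carry only name, type and default, and the seven changed files appear to be sources and generated config rather than documentation. A short description of what each level enables, and why `verbose-probe-error` starts at 3 while `verbose-probe-info` starts at 0, belongs next to the documentation of the existing verbose-* options. The config block continues outside the hunk.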

tls.c

@ -33,6 +33,7 @@
#include <fnmatch.h> /* fnmatch() */
#include "tls.h"
#include "sslh-conf.h"
#include "log.h"
#define TLS_HEADER_LEN 5
#define TLS_HANDSHAKE_CONTENT_TYPE 0x16
@ -82,14 +83,14 @@ parse_tls_header(const struct TLSProtocol *tls_data, const char *data, size_t da
tls_content_type = data[0];
if (tls_content_type != TLS_HANDSHAKE_CONTENT_TYPE) {
if (cfg.verbose) fprintf(stderr, "Request did not begin with TLS handshake.\n");
print_message(msg_probe_error, "Request did not begin with TLS handshake.\n");
return TLS_EPROTOCOL;
}
tls_version_major = data[1];
tls_version_minor = data[2];
if (tls_version_major < 3) {
if (cfg.verbose) fprintf(stderr, "Received SSL %d.%d handshake which cannot be parsed.\n",
print_message(msg_probe_error, "Received SSL %d.%d handshake which cannot be parsed.\n",
tls_version_major, tls_version_minor);
return TLS_EVERSION;
@ -111,7 +112,7 @@ parse_tls_header(const struct TLSProtocol *tls_data, const char *data, size_t da
return TLS_EPROTOCOL;
}
if (data[pos] != TLS_HANDSHAKE_TYPE_CLIENT_HELLO) {
if (cfg.verbose) fprintf(stderr, "Not a client hello\n");
print_message(msg_probe_error, "Not a client hello\n");
return TLS_EPROTOCOL;
}
@ -228,7 +229,7 @@ parse_server_name_extension(const struct TLSProtocol *tls_data, const char *data
return TLS_ENOEXT;
}
default:
if (cfg.verbose) fprintf(stderr, "Unknown server name extension name type: %d\n",
print_message(msg_probe_error, "Unknown server name extension name type: %d\n",
data[pos]);
}
pos += 3 + len;
@ -254,7 +255,7 @@ parse_alpn_extension(const struct TLSProtocol *tls_data, const char *data, size_
if (len > 0 && has_match(tls_data->alpn_protocol_list, tls_data->alpn_list_len, data + pos + 1, len)) {
return len;
} else if (len > 0) {
if (cfg.verbose) fprintf(stderr, "Unknown ALPN name: %.*s\n", (int)len, data + pos + 1);
print_message(msg_probe_error, "Unknown ALPN name: %.*s\n", (int)len, data + pos + 1);
}
pos += 1 + len;
}
@ -276,7 +277,7 @@ has_match(const char** list, size_t list_len, const char* name, size_t name_len)
for (i = 0; i < list_len; i++) {
item = &list[i];
if (cfg.verbose) fprintf(stderr, "matching [%.*s] with [%s]\n", (int)name_len, name, *item);
print_message(msg_probe_error, "matching [%.*s] with [%s]\n", (int)name_len, name, *item);
if(!fnmatch(*item, name_nullterminated, 0)) {
free(name_nullterminated);
return 1;
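Review bot: has_match's per-candidate trace `matching [%.*s] with [%s]` is now sent through msg_probe_error, but it is a routine diagnostic rather than a probing error, and the same applies to the non-match reports at the `Unknown server name extension name type` and `Unknown ALPN name` lines. Because msg_probe_error is tied to cfg.verbose_probe_error (log.c hunk above) and the config schema in this commit gives `verbose-probe-error` a default of 3 while `verbose-probe-info` defaults to 0, these messages would presumably be emitted at LOG_ERR for every TLS connection whose SNI or ALPN does not match a configured pattern, where the old code printed them only under cfg.verbose; since `%.*s` here copies raw bytes from the ClientHello into the log, that is also more untrusted data in the default log stream than before. I would change those three calls to `print_message(msg_probe_info, ...)` and reserve msg_probe_error for malformed input such as the `Request did not begin with TLS handshake` and `Not a client hello` cases. The bodies of parse_tls_header, parse_server_name_extension, parse_alpn_extension and has_match all begin and end outside these hunks.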