From 6ea7d48f86d9f9d96ff4eb2c91f8250131627323 Mon Sep 17 00:00:00 2001
From: yrutschle
Date: Sun, 26 Sep 2021 16:55:31 +0200
Subject: [PATCH] migrate tls.c and probe.c to new log system
---
 log.c | 12 ++++++++++
 log.h | 3 +++
 probe.c | 9 +++----
 sslh-conf.c | 68 ++++++++++++++++++++++++++++++++++++++++++----------
 sslh-conf.h | 4 +++-
 sslhconf.cfg | 3 +++
 tls.c | 13 +++++-----
 7 files changed, 88 insertions(+), 24 deletions(-)
diff --git a/log.c b/log.c
index 217d86e..e83465a 100644
--- a/log.c
+++ b/log.c
@@ -80,6 +80,18 @@ msg_info msg_connections_error = {
 };
+/* comment the probing process */
+msg_info msg_probe_info = {
+ LOG_INFO,
+ &cfg.verbose_probe_info
+};
+
+/* probing errors, e.g. inconsistent data in connections */
+msg_info msg_probe_error = {
+ LOG_ERR,
+ &cfg.verbose_probe_error
+};
+
 /* Bitmasks in verbose-* values */
diff --git a/log.h b/log.h
index 7d2ea7a..622885a 100644
--- a/log.h
+++ b/log.h
@@ -26,4 +26,7 @@ extern msg_info msg_connections_try;
 extern msg_info msg_connections_error;
 extern msg_info msg_connections;
+extern msg_info msg_probe_info;
+extern msg_info msg_probe_error;
+
 #endif /* LOG_H */
diff --git a/probe.c b/probe.c
index 657842e..a1171b7 100644
--- a/probe.c
+++ b/probe.c
@@ -334,7 +334,7 @@ static int regex_probe(const char *p, ssize_t len, struct sslhcfg_protocols_item
 return 0;
 #else
 /* Should never happen as we check when loading config file */
- fprintf(stderr, "FATAL: regex probe called but not built in\n");
+ print_message(msg_int_error, "FATAL: regex probe called but not built in\n");
 exit(5);
 #endif
 }
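Review bot: The FATAL diagnostic in regex_probe now goes through `print_message(msg_int_error, ...)` immediately before `exit(5)`, so, if print_message honours the verbosity value the msg_info points at, a user who sets verbose-int-error to 0 gets a silent exit with status 5 where the removed `fprintf(stderr, ...)` always printed. A message that precedes a process exit should not be suppressible; either keep it unconditional, e.g. `fprintf(stderr, "FATAL: regex probe called but not built in\n");`, or state in msg_int_error's documentation that it is never masked. The `#else` branch is the whole visible body; regex_probe's signature and the `#if` branch lie above the hunk.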
@@ -362,20 +362,21 @@ int probe_buffer(char* buf, int len, struct sslhcfg_protocols_item** proto)
 if (! p->probe) continue;
- if (cfg.verbose) fprintf(stderr, "probing for %s\n", p->name);
+ print_message(msg_probe_info, "probing for %s\n", p->name);
 /* Don't probe last protocol if it is anyprot (and store last protocol) */
 if ((i == cfg.protocols_len - 1) && (!strcmp(p->name, "anyprot"))) break; if (p->minlength_is_present && (len < p->minlength )) {
- fprintf(stderr, "input too short, %d bytes but need %d\n", len , p->minlength);
+ print_message(msg_probe_info, "input too short, %d bytes but need %d\n",
+ len , p->minlength);
 again++; continue; } res = p->probe(buf, len, p);
- if (cfg.verbose) fprintf(stderr, "probed for %s: %s\n", p->name, probe_str[res]);
+ print_message(msg_probe_info, "probed for %s: %s\n", p->name, probe_str[res]);
 if (res == PROBE_MATCH) { *proto = p;
diff --git a/sslh-conf.c b/sslh-conf.c
index e280054..9f7da74 100644
--- a/sslh-conf.c
+++ b/sslh-conf.c
@@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 26 15:51:02 2021. + * on Sun Sep 26 16:54:06 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle
@@ -450,6 +450,8 @@ struct arg_file* sslhcfg_conffile; struct arg_int* sslhcfg_verbose_connections_error; struct arg_int* sslhcfg_verbose_fd; struct arg_int* sslhcfg_verbose_packets; + struct arg_int* sslhcfg_verbose_probe_info; + struct arg_int* sslhcfg_verbose_probe_error; struct arg_int* sslhcfg_verbose_system_error; struct arg_int* sslhcfg_verbose_int_error; struct arg_int* sslhcfg_verbose;
@@ -792,7 +794,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { 
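Review bot: The `input too short, %d bytes but need %d` message in probe_buffer was printed unconditionally before this change and is now gated by msg_probe_info, whose default in the sslhconf.cfg hunk is `verbose-probe-info: 0`, so by default a client that sends fewer bytes than a protocol's minlength leaves no trace at all. The two `if (cfg.verbose)` messages in the same hunk keep their gated status, but this third one changes from always-on to off-by-default, and the commit message does not mention it. If that is intended, a one-line comment would help, e.g. `/* informational: a short read is retried via again++, not an error */`; otherwise route it through msg_probe_error. The enclosing for loop starts before the hunk and continues after it.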
@@ -908,6 +910,38 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_int = 0 }, + { + /* name */ "verbose_probe_info", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_probe_info, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_probe_info), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + + { + /* name */ "verbose_probe_error", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_probe_error, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_probe_error), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 3 + }, + { /* name */ "verbose_system_error", /* type */ CFG_INT,
@@ -1276,7 +1310,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [24], .targets = sslhcfg_listen_targets,
@@ -1288,7 +1322,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_ssh_targets,
@@ -1300,7 +1334,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_tls_targets, 
@@ -1312,7 +1346,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_openvpn_targets,
@@ -1324,7 +1358,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_tinc_targets,
@@ -1336,7 +1370,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_xmpp_targets,
@@ -1348,7 +1382,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_http_targets,
@@ -1360,7 +1394,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_adb_targets,
@@ -1372,7 +1406,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_socks5_targets,
@@ -1384,7 +1418,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_syslog_targets, 
@@ -1396,7 +1430,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [23], + .base_entry = & table_sslhcfg [25], .targets = sslhcfg_anyprot_targets,
@@ -2068,6 +2102,8 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, ""), sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, ""), sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "", 0, 1, ""), + sslhcfg_verbose_probe_info = arg_intn(NULL, "verbose-probe-info", "", 0, 1, ""), + sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "", 0, 1, ""), sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "", 0, 1, ""), sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "", 0, 1, ""), sslhcfg_verbose = arg_intn("v", "verbose", "", 0, 1, ""),
@@ -2260,6 +2296,12 @@ void sslhcfg_fprint( fprintf(out, "verbose_packets: %d", sslhcfg->verbose_packets); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "verbose_probe_info: %d", sslhcfg->verbose_probe_info); + fprintf(out, "\n"); + indent(out, depth); + fprintf(out, "verbose_probe_error: %d", sslhcfg->verbose_probe_error); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "verbose_system_error: %d", sslhcfg->verbose_system_error); fprintf(out, "\n"); indent(out, depth);
diff --git a/sslh-conf.h b/sslh-conf.h
index ad4a3e2..192ae76 100644
--- a/sslh-conf.h
+++ b/sslh-conf.h
@@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 26 15:51:02 2021. + * on Sun Sep 26 16:54:06 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle 
@@ -81,6 +81,8 @@ struct sslhcfg_item { int verbose_connections_error; int verbose_fd; int verbose_packets; + int verbose_probe_info; + int verbose_probe_error; int verbose_system_error; int verbose_int_error; int verbose;
diff --git a/sslhconf.cfg b/sslhconf.cfg
index 57fedc4..c03b8ea 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@@ -33,6 +33,9 @@ config: {
 { name: "verbose-fd"; type: "int"; default: 0; },
 { name: "verbose-packets"; type: "int"; default: 0; },
+ { name: "verbose-probe-info"; type: "int"; default: 0; },
+ { name: "verbose-probe-error"; type: "int"; default: 3; },
+
 { name: "verbose-system-error"; type: "int"; default: 3; },
 { name: "verbose-int-error"; type: "int"; default: 3; },
diff --git a/tls.c b/tls.c
index c8b3fae..dfb3353 100644
--- a/tls.c
+++ b/tls.c
@@ -33,6 +33,7 @@
 #include /* fnmatch() */
 #include "tls.h"
 #include "sslh-conf.h"
+#include "log.h"
 #define TLS_HEADER_LEN 5
 #define TLS_HANDSHAKE_CONTENT_TYPE 0x16
@@ -82,14 +83,14 @@ parse_tls_header(const struct TLSProtocol *tls_data, const char *data, size_t da
 tls_content_type = data[0]; if (tls_content_type != TLS_HANDSHAKE_CONTENT_TYPE) {
- if (cfg.verbose) fprintf(stderr, "Request did not begin with TLS handshake.\n");
+ print_message(msg_probe_error, "Request did not begin with TLS handshake.\n");
 return TLS_EPROTOCOL; } tls_version_major = data[1]; tls_version_minor = data[2]; if (tls_version_major < 3) {
- if (cfg.verbose) fprintf(stderr, "Received SSL %d.%d handshake which cannot be parsed.\n",
+ print_message(msg_probe_error, "Received SSL %d.%d handshake which cannot be parsed.\n",
 tls_version_major, tls_version_minor); return TLS_EVERSION;
@@ -111,7 +112,7 @@ parse_tls_header(const struct TLSProtocol *tls_data, const char *data, size_t da
 return TLS_EPROTOCOL; } if (data[pos] != TLS_HANDSHAKE_TYPE_CLIENT_HELLO) {
- if (cfg.verbose) fprintf(stderr, "Not a client hello\n");
+ print_message(msg_probe_error, "Not a client hello\n");
 return TLS_EPROTOCOL; } 
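Review bot: In parse_tls_header, `Request did not begin with TLS handshake.`, `Received SSL %d.%d handshake which cannot be parsed.` and (at @@ -111) `Not a client hello` are now emitted through msg_probe_error, which the log.c hunk binds to LOG_ERR and the sslhconf.cfg hunk enables by default with `verbose-probe-error: 3`, whereas the removed lines printed only when `cfg.verbose` was set. A probe that does not match is the normal outcome for every connection whose protocol comes later in the list, so if probe_buffer runs this probe on non-TLS traffic each such connection now produces an error-level line by default; the log.c comment describes msg_probe_error as "inconsistent data in connections", which an ordinary SSH or HTTP client is not. Consider msg_probe_info for the three mismatch cases here, and likewise for `Unknown server name extension name type` at @@ -228 and `Unknown ALPN name` at @@ -254 below, keeping msg_probe_error for input that is actually malformed. parse_tls_header starts and ends outside the hunk.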
@@ -228,7 +229,7 @@ parse_server_name_extension(const struct TLSProtocol *tls_data, const char *data
 return TLS_ENOEXT; } default:
- if (cfg.verbose) fprintf(stderr, "Unknown server name extension name type: %d\n",
+ print_message(msg_probe_error, "Unknown server name extension name type: %d\n",
 data[pos]); } pos += 3 + len;
@@ -254,7 +255,7 @@ parse_alpn_extension(const struct TLSProtocol *tls_data, const char *data, size_
 if (len > 0 && has_match(tls_data->alpn_protocol_list, tls_data->alpn_list_len, data + pos + 1, len)) { return len; } else if (len > 0) {
- if (cfg.verbose) fprintf(stderr, "Unknown ALPN name: %.*s\n", (int)len, data + pos + 1);
+ print_message(msg_probe_error, "Unknown ALPN name: %.*s\n", (int)len, data + pos + 1);
 } pos += 1 + len; }
@@ -276,7 +277,7 @@ has_match(const char** list, size_t list_len, const char* name, size_t name_len)
 for (i = 0; i < list_len; i++) { item = &list[i];
- if (cfg.verbose) fprintf(stderr, "matching [%.*s] with [%s]\n", (int)name_len, name, *item);
+ print_message(msg_probe_error, "matching [%.*s] with [%s]\n", (int)name_len, name, *item);
 if(!fnmatch(*item, name_nullterminated, 0)) { free(name_nullterminated); return 1;
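Review bot: The `matching [%.*s] with [%s]` line in has_match is a per-pattern trace printed once for every entry of the SNI/ALPN list, yet it is now classified as msg_probe_error, which is LOG_ERR and on by default with `verbose-probe-error: 3`, so default installations will log every name comparison at error level where the removed line required `cfg.verbose`. The name bytes come straight from the client's ClientHello: `%.*s` with name_len bounds the length but not the content, so with the message on by default any control characters in a server name or ALPN entry reach the log verbatim. `print_message(msg_probe_info, "matching [%.*s] with [%s]\n", (int)name_len, name, *item);` keeps the trace available without making it default log volume. has_match continues past the hunk.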