From 952279942160655fd33308a27bee3ea4a7cab805 Mon Sep 17 00:00:00 2001
From: Yves Rutschle
Date: Tue, 15 Apr 2025 22:16:03 +0200
Subject: [PATCH] preliminary receive proxyprotocol support
---
 echosrv-conf.c | 2 +-
 echosrv-conf.h | 2 +-
 probe.c | 3 ---
 probe.h | 1 +
 proxyprotocol.c | 20 ++++++++++++++++++++
 proxyprotocol.h | 6 +++++-
 sslh-conf.c | 23 +++++++++++++++++++++--
 sslh-conf.h | 3 ++-
 sslhconf.cfg | 3 ++-
 tcp-probe.c | 16 ++++++++++++++--
 test.cfg | 6 +++---
 version.h | 2 +-
 12 files changed, 71 insertions(+), 16 deletions(-)
diff --git a/echosrv-conf.c b/echosrv-conf.c
index 8747a31..1276f21 100644
--- a/echosrv-conf.c
+++ b/echosrv-conf.c
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Mon Feb 24 18:37:24 2025.
+ * on Tue Apr 8 22:35:50 2025.
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2024 Yves Rutschle
diff --git a/echosrv-conf.h b/echosrv-conf.h
index 1436146..7ccc111 100644
--- a/echosrv-conf.h
+++ b/echosrv-conf.h
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Mon Feb 24 18:37:24 2025.
+ * on Tue Apr 8 22:35:50 2025.
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2024 Yves Rutschle
diff --git a/probe.c b/probe.c
index 00a6137..d54a340 100644
--- a/probe.c
+++ b/probe.c
@@ -436,9 +436,6 @@ int probe_buffer(char* buf, int len,
 struct sslhcfg_protocols_item* p;
 int i, res, again = 0;
- print_message(msg_packets, "hexdump of incoming packet:\n");
- hexdump(msg_packets, buf, len);
-
 *proto_out = NULL;
 for (i = 0; i < proto_len; i++) {
 char* probe_str[3] = {"PROBE_NEXT", "PROBE_MATCH", "PROBE_AGAIN"};
diff --git a/probe.h b/probe.h
index d0b768b..59eb66f 100644
--- a/probe.h
+++ b/probe.h
@@ -6,6 +6,7 @@
 #include "common.h"
 #include "tls.h"
 #include "log.h"
+#include "proxyprotocol.h"
 typedef enum {
 PROBE_NEXT, /* Enough data, probe failed -- it's some other protocol */
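Review bot: The msg_packets hexdump is removed from probe_buffer() but only re-added on the TCP path in tcp-probe.c, so any other caller of probe_buffer() — UDP probing, if it goes through this function, which the hunk does not show — loses the packet dump that `verbose-packets` previously enabled. If the intent is to dump the raw bytes before the PROXY header is skipped, keeping a dump at the other call site as well would preserve the previous diagnostic coverage. probe_buffer()'s body continues outside the hunk.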
diff --git a/proxyprotocol.c b/proxyprotocol.c
index aab218c..93229e8 100644
--- a/proxyprotocol.c
+++ b/proxyprotocol.c
@@ -20,6 +20,10 @@
 */
+#include "config.h"
+
+#if HAVE_PROXYPROTOCOL
+
 #include
 #include "common.h"
 #include "log.h"
@@ -112,3 +116,19 @@ int pp_write_header(int pp_version, struct connection* cnx)
 return 0;
 }
+
+int pp_header_len(char* buffer, int buffer_len)
+{
+ pp_info_t pp_info;
+
+ int header_len = pp_parse_hdr((uint8_t*)buffer, buffer_len, &pp_info);
+
+ print_message(msg_probe_info, "proxyprotocol header %d bytes found\n", header_len);
+
+ if (header_len < 0) header_len = 0;
+
+ return header_len;
+}
+
+
+#endif /* HAVE_PROXYPROTOCOL */
diff --git a/proxyprotocol.h b/proxyprotocol.h
index fab0157..39b843d 100644
--- a/proxyprotocol.h
+++ b/proxyprotocol.h
@@ -3,12 +3,16 @@
 #if HAVE_PROXYPROTOCOL
+
+
 int pp_write_header(int pp_version, struct connection* cnx);
+int pp_header_len(char* buffer, int len);
 #else /* HAVE_PROXYPROTOCOL */
-static inline int pp_write_header(int pp_version, struct connection* cnx) {}
+static inline int pp_write_header(int pp_version, struct connection* cnx) { return 0; }
+static inline int pp_header_len(char*, int) { return 0; }
 #endif /* HAVE_PROXYPROTOCOL */
diff --git a/sslh-conf.c b/sslh-conf.c
index a7edc8f..bf74c22 100644
--- a/sslh-conf.c
+++ b/sslh-conf.c
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Mon Feb 24 18:37:24 2025.
+ * on Tue Apr 8 22:35:50 2025.
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2024 Yves Rutschle
@@ -793,7 +793,7 @@ static struct config_desc table_sslhcfg_protocols[] = {
 },
 { 0 }
 };
-
+
 static struct config_desc table_sslhcfg_listen[] = {
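Review bot: In pp_header_len() the msg_probe_info message is emitted before the negative result is clamped, so a stream without a PROXY header logs something like `proxyprotocol header -1 bytes found` (value constructed) on every connection; moving `if (header_len < 0) header_len = 0;` above the `print_message` call, or logging only when `header_len > 0`, avoids the misleading line. The clamp also folds every negative outcome into "no header": if pp_parse_hdr() distinguishes an incomplete header from a non-PROXY stream (its contract is not visible here), a PROXY header split across two reads would be probed as application data instead of waiting for more bytes, which is worth checking against the library. The parsed pp_info (the original client address) is discarded, presumably fine for a preliminary step, but it means nothing yet validates or records who sent the header. A one-line contract comment would help callers, e.g. `/* Returns the length of the PROXY protocol header at the start of buffer, or 0 if none is recognised. */`.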
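Review bot: `static inline int pp_header_len(char*, int) { return 0; }` omits the parameter names in a function definition, which is only valid from C23 on; under the C11/C17/GNU defaults most compilers reject it, so a build without HAVE_PROXYPROTOCOL now fails in this header. Name the parameters and mark them unused: `static inline int pp_header_len(char* buffer, int len) { (void)buffer; (void)len; return 0; }`. The declaration above uses `len` while the definition in proxyprotocol.c uses `buffer_len`; aligning the names avoids confusion.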
@@ -876,6 +876,22 @@ static struct config_desc table_sslhcfg_listen[] = {
 /* optional */ 0,
 /* default_val*/ .default_val.def_bool = 0
 },
+
+ {
+ /* name */ "proxyprotocol",
+ /* type */ CFG_BOOL,
+ /* sub_group*/ NULL,
+ /* arg_cl */ NULL,
+ /* base_addr */ NULL,
+ /* offset */ offsetof(struct sslhcfg_listen_item, proxyprotocol),
+ /* offset_len */ 0,
+ /* offset_present */ 0,
+ /* size */ sizeof(int),
+ /* array_type */ -1,
+ /* mandatory */ 0,
+ /* optional */ 0,
+ /* default_val*/ .default_val.def_bool = 0
+ },
 { 0 }
 };
@@ -2471,6 +2487,9 @@ static void sslhcfg_listen_fprint(
 indent(out, depth);
 fprintf(out, "keepalive: %d", sslhcfg_listen->keepalive);
 fprintf(out, "\n");
+ indent(out, depth);
+ fprintf(out, "proxyprotocol: %d", sslhcfg_listen->proxyprotocol);
+ fprintf(out, "\n");
 }
 void sslhcfg_fprint(
diff --git a/sslh-conf.h b/sslh-conf.h
index 55c63e9..682a27b 100644
--- a/sslh-conf.h
+++ b/sslh-conf.h
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Mon Feb 24 18:37:24 2025.
+ * on Tue Apr 8 22:35:50 2025.
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2024 Yves Rutschle
@@ -46,6 +46,7 @@ struct sslhcfg_listen_item {
 int is_udp;
 int is_unix;
 int keepalive;
+ int proxyprotocol;
 };
 struct sslhcfg_protocols_item {
diff --git a/sslhconf.cfg b/sslhconf.cfg
index 6b8444f..8d05fdc 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@@ -99,7 +99,8 @@ config: {
 { name: "port"; type: "string"; var: true; },
 { name: "is_udp"; type: "bool"; default: false },
 { name: "is_unix"; type: "bool"; default: false },
- { name: "keepalive"; type: "bool"; default: false; }
+ { name: "keepalive"; type: "bool"; default: false; },
+ { name: "proxyprotocol"; type: "bool"; default: false; }
 ) },
diff --git a/tcp-probe.c b/tcp-probe.c
index 6c9a379..7fc32bd 100644
--- a/tcp-probe.c
+++ b/tcp-probe.c
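Review bot: The new listen-level `proxyprotocol` option is a bool, while the protocol-level option of the same name (see the `proxyprotocol: 2;` removed from test.cfg in this patch) is an integer selecting a PROXY protocol version; reusing one key with two types for two directions (receive vs. send) will be confusing both in the generated sslhcfg_listen_item/sslhcfg_protocols_item fields and in user documentation. Either name the receive side distinctly or add a comment on this line stating that it enables parsing an incoming PROXY header, e.g. `# accept and strip an incoming PROXY protocol header on this listener`. The enclosing `config:` block starts outside the hunk.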
@@ -45,8 +45,20 @@ int probe_client_protocol(struct connection *cnx)
 if (n > 0) {
 defer_write(&cnx->q[1], buffer, n);
- return probe_buffer(cnx->q[1].begin_deferred_data,
- cnx->q[1].deferred_data_size,
+
+ print_message(msg_packets, "hexdump of incoming packet:\n");
+ hexdump(msg_packets, cnx->q[1].begin_deferred_data, cnx->q[1].deferred_data_size);
+
+
+ /*
+ TODO il ne faut appeler ca que si on supporte pp sur le lien
+ */
+
+ int pp_len = pp_header_len(cnx->q[1].begin_deferred_data,
+ cnx->q[1].deferred_data_size);
+
+ return probe_buffer(cnx->q[1].begin_deferred_data + pp_len,
+ cnx->q[1].deferred_data_size - pp_len,
 tcp_protocols, tcp_protocols_len,
 &cnx->proto
 );
diff --git a/test.cfg b/test.cfg
index 9aa7877..f02f779 100644
--- a/test.cfg
+++ b/test.cfg
@@ -21,7 +21,7 @@ verbose-connections-error: 1; # connection errors
 verbose-connections-try: 1; # connection attempts towards targets
 verbose-fd: 0; # file descriptor activity, open/close/whatnot
 verbose-packets: 1; # hexdump packets on which probing is done
-verbose-probe-info: 0; # what's happening during the probe process
+verbose-probe-info: 1; # what's happening during the probe process
 verbose-probe-error: 1; # failures and problems during probing
 verbose-system-error: 1; # system call problem, i.e. malloc, fork, failing
 verbose-int-error: 1; # internal errors, the kind that should never happen
@@ -30,7 +30,7 @@ verbose-int-error: 1; # internal errors, the kind that should never happen
 # Options:
 listen: (
- { host: "localhost"; port: "8080"; keepalive: true; },
+ { host: "localhost"; port: "8080"; keepalive: true; proxyprotocol: true; },
 { host: "localhost"; port: "8081"; keepalive: true; },
 { host: "ip4-localhost"; is_udp: true; port: "8086"; },
 { host: "/tmp/sslh.sock"; is_unix: true; port: ""; }
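Review bot: pp_header_len() runs for every accepted TCP connection regardless of the listener's new `proxyprotocol` flag, which the French TODO above the call acknowledges; until it is gated, a PROXY header sent by any peer on any listener is silently skipped over, and the flag added to sslhcfg_listen_item in this patch is never read. Gate the call on that listen entry's setting (how `cnx` reaches its listen item is not visible in this hunk) and make the TODO readable to all maintainers, e.g. `/* TODO: only strip a PROXY header when proxyprotocol is enabled on this listener */`. The header bytes also remain in q[1]'s deferred data — only the probe offset is adjusted — so unless a later step consumes them, they are forwarded to the backend verbatim. Nothing bounds pp_len by deferred_data_size either; if pp_parse_hdr() can report a length beyond the bytes actually buffered, `cnx->q[1].deferred_data_size - pp_len` goes negative, and a guard such as `if (pp_len > cnx->q[1].deferred_data_size) pp_len = 0;` is cheap insurance. probe_client_protocol() continues outside the hunk.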
@@ -45,7 +45,7 @@ protocols: (
 { name: "ssh"; host: "localhost"; port: "9000"; fork: true; transparent: true; resolve_on_forward: true; },
 { name: "socks5"; host: "localhost"; port: "9001"; },
- { name: "http"; host: "localhost"; port: "80"; proxyprotocol: 2; },
+ { name: "http"; host: "localhost"; port: "80"; },
 { name: "tinc"; host: "localhost"; port: "9003"; },
 { name: "openvpn"; host: "localhost"; port: "9004"; },
 { name: "xmpp"; host: "localhost"; port: "9009"; },
diff --git a/version.h b/version.h
index 39a8717..dcf9f0b 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,5 @@
 #ifndef VERSION_H
 #define VERSION_H
-#define VERSION "v2.1.4-40-g416a82f-dirty"
+#define VERSION "v2.1.4-42-g4978641-dirty"
 #endif