diff --git a/ChangeLog b/ChangeLog index d2cecd3..1d24e02 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,5 @@ v2.0: - New sslh-ev: this is functionaly equivalent to + New sslh-ev: this is functionally equivalent to sslh-select (mono-process, only forks for specified protocols), but based on libev, which should make it scalable to large numbers of connections. @@ -41,7 +41,7 @@ v1.22: 17AUG2021 combined with incoming TLS with SNI. UDP clients and servers need to agree on the IPv4/IPv6 they use: use the same protocol on all sides! Often, this - means explicitely using 'ip4-localhost'. + means explicitly using 'ip4-localhost'. UDP sender-receiver pairs (connections, so to speak) are kept for 60s, which can be changed with `udp_timeout` in the configuration. @@ -83,7 +83,7 @@ v1.21: 11JUL2020 Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified in their configuration) and for - listenint socket, if all client protocols support it. + listening socket, if all client protocols support it. (Craig Andrews) Added 'minlength' option to skip a probe if less @@ -109,8 +109,8 @@ v1.20: 20NOV2018 Before, probes were tried in order, repeating on the same probe as long it returned PROBE_AGAIN before moving to the next one. This means a probe which - requires a lot of data (i.e. returne PROBE_AGAIN for - a long time) could prevent sucessful matches from + requires a lot of data (i.e. return PROBE_AGAIN for + a long time) could prevent successful matches from subsequent probes. The configuration file needed to take that into account. @@ -171,7 +171,7 @@ v1.18: 29MAR2016 v1.17: 09MAR2015 Support RFC5952-style IPv6 addresses, e.g. [::]:443. - Transparant proxy support for FreeBSD. + Transparent proxy support for FreeBSD. (Ruben van Staveren) Using -F with no argument will try 
@@ -200,7 +200,7 @@ v1.16: 11FEB2014 Libcap support: Keep only CAP_NET_ADMIN if started as root with transparent proxying and dropping - priviledges (enable USELIBCAP in Makefile). This + privileges (enable USELIBCAP in Makefile). This avoids having to mess with filesystem capabilities. (Sebastian Schmidt/yath) @@ -209,7 +209,7 @@ v1.16: 11FEB2014 actual errors if connections are dropped before getting to getpeername). - Set IP_FREEDBIND if available to bind to addresses + Set IP_FREEBIND if available to bind to addresses that don't yet exist. v1.15: 27JUL2013 @@ -294,7 +294,7 @@ v1.11: 21APR2012 --user isn't specified, just run as current user. No longer create PID file by default, it should be - explicitely set with --pidfile. + explicitly set with --pidfile. No longer log to syslog if in foreground. Logs are instead output to stderr. @@ -385,7 +385,7 @@ v1.8: 15JUL2011 v1.7: 01FEB2010 Added CentOS init.d script (Andre Krajnik). - Fixed default ssl address inconsistancy, now + Fixed default ssl address inconsistency, now defaults to "localhost:443" and fixed documentation accordingly (pointed by Markus Schalke). diff --git a/Dockerfile b/Dockerfile index cb236af..cd22891 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,23 +1,38 @@ -FROM alpine:latest as build +ARG ALPINE_VERSION="latest" +ARG TARGET_ARCH="library" + +FROM docker.io/${TARGET_ARCH}/alpine:${ALPINE_VERSION} AS build WORKDIR /sslh -RUN apk add gcc libconfig-dev make musl-dev pcre2-dev perl +RUN apk add --no-cache \ + 'gcc' \ + 'libconfig-dev' \ + 'make' \ + 'musl-dev' \ + 'pcre2-dev' \ + 'perl' \ + ; COPY . /sslh + RUN make sslh-select && strip sslh-select -FROM alpine:latest - -RUN apk --no-cache add libconfig pcre2 iptables ip6tables libcap - -RUN adduser sslh --shell /bin/sh --disabled-password +FROM docker.io/${TARGET_ARCH}/alpine:${ALPINE_VERSION} COPY --from=build "/sslh/sslh-select" "/usr/local/bin/sslh" -RUN setcap cap_net_bind_service,cap_net_raw+ep /usr/local/bin/sslh +RUN apk add --no-cache \ + 'libconfig' \ + 'pcre2' \ + 'iptables' \ + 'ip6tables' \ + 'libcap' \ + && \ + adduser -s '/bin/sh' -S -D sslh && \ + setcap cap_net_bind_service,cap_net_raw+ep /usr/local/bin/sslh COPY "./container-entrypoint.sh" "/init" ENTRYPOINT [ "/init" ] # required for updating iptables -USER root:root \ No newline at end of file +USER root:root diff --git a/argtable3.c b/argtable3.c index ba15bb5..5b85398 100644 --- a/argtable3.c +++ b/argtable3.c @@ -2876,9 +2876,9 @@ static void arg_file_resetfn(struct arg_file* parent) { static const char* arg_basename(const char* filename) { const char *result = NULL, *result1, *result2; - /* Find the last occurrence of eother file separator character. */ - /* Two alternative file separator chars are supported as legal */ - /* file separators but not both together in the same filename. */ + /* Find the last occurrence of other file separator character. */ + /* Two alternative file separator chars are supported as legal */ + /* file separators but not both together in the same filename. */ result1 = (filename ? strrchr(filename, FILESEPARATOR1) : NULL); result2 = (filename ? strrchr(filename, FILESEPARATOR2) : NULL); 
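Review bot: Both `FROM` lines now resolve to `docker.io/${TARGET_ARCH}/alpine:${ALPINE_VERSION}` with `ALPINE_VERSION` defaulting to `latest`, so the build and runtime stages still float with whatever the registry serves at build time. The new `TARGET_ARCH` argument also lets a build argument choose the registry namespace the base image is pulled from. For an image whose binary is later given file capabilities via `setcap`, I would default to a fixed release tag, ideally with a digest, e.g. `ARG ALPINE_VERSION="<pinned-release>"`, and keep `latest` as an explicit opt-in. I would also add a comment above `ARG TARGET_ARCH` along the lines of `# registry namespace of the base image; only override with a namespace you trust`.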
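Review bot: The corrected comment in `arg_basename` now reads "last occurrence of other file separator character", which changes the meaning rather than fixing the spelling. The following comment lines and the two `strrchr` calls on `FILESEPARATOR1` and `FILESEPARATOR2` describe two alternative separators, so "eother" was almost certainly a typo for "either". I would write `/* Find the last occurrence of either file separator character. */`. The body of `arg_basename` continues past the end of this hunk.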
@@ -2927,7 +2927,7 @@ static int arg_file_scanfn(struct arg_file* parent, const char* argval) { } else if (!argval) { /* a valid argument with no argument value was given. */ /* This happens when an optional argument value was invoked. */ - /* leave parent arguiment value unaltered but still count the argument. */ + /* leave parent argument value unaltered but still count the argument. */ parent->count++; } else { parent->filename[parent->count] = argval; @@ -3173,7 +3173,7 @@ static int arg_int_scanfn(struct arg_int* parent, const char* argval) { } else if (!argval) { /* a valid argument with no argument value was given. */ /* This happens when an optional argument value was invoked. */ - /* leave parent arguiment value unaltered but still count the argument. */ + /* leave parent argument value unaltered but still count the argument. */ parent->count++; } else { long int val; @@ -3813,8 +3813,8 @@ static const TRexChar* g_nnames[] = {_SC("NONE"), _SC("OP_GREEDY"), _SC("OP_O #endif #define OP_GREEDY (MAX_CHAR + 1) /* * + ? {n} */ #define OP_OR (MAX_CHAR + 2) -#define OP_EXPR (MAX_CHAR + 3) /* parentesis () */ -#define OP_NOCAPEXPR (MAX_CHAR + 4) /* parentesis (?:) */ +#define OP_EXPR (MAX_CHAR + 3) /* parenthesis () */ +#define OP_NOCAPEXPR (MAX_CHAR + 4) /* parenthesis (?:) */ #define OP_DOT (MAX_CHAR + 5) #define OP_CLASS (MAX_CHAR + 6) #define OP_CCLASS (MAX_CHAR + 7) @@ -5313,7 +5313,7 @@ static void arg_parse_untagged(int argc, char** argv, struct arg_hdr** table, st } } - /* if a tenative error still remains at this point then register it as a proper error */ + /* if a tentative error still remains at this point then register it as a proper error */ if (errorlast) { arg_register_error(endtable, parentlast, errorlast, optarglast); optind++; 
@@ -5384,7 +5384,7 @@ int arg_parse(int argc, char** argv, void** argtable) { /* Fill in the local copy of argv[]. We need a local copy because getopt rearranges argv[] which adversely affects - susbsequent parsing attempts. + subsequent parsing attempts. */ for (i = 0; i < argc; i++) argvcopy[i] = argv[i]; @@ -5451,7 +5451,7 @@ static void arg_cat_option(char* dest, size_t ndest, const char* shortopts, cons if (shortopts) { char option[3]; - /* note: option array[] is initialiazed dynamically here to satisfy */ + /* note: option array[] is initialized dynamically here to satisfy */ /* a deficiency in the watcom compiler wrt static array initializers. */ option[0] = '-'; option[1] = shortopts[0]; @@ -5509,7 +5509,7 @@ static void arg_cat_optionv(char* dest, size_t ndest, const char* shortopts, con /* "-a|-b|-c" */ char shortopt[3]; - /* note: shortopt array[] is initialiazed dynamically here to satisfy */ + /* note: shortopt array[] is initialized dynamically here to satisfy */ /* a deficiency in the watcom compiler wrt static array initializers. */ shortopt[0] = '-'; shortopt[1] = *c; @@ -5881,7 +5881,7 @@ static void arg_print_formatted_ds(arg_dstr_t ds, const unsigned lmargin, const * Prints the glossary in strict GNU format. * Differences to arg_print_glossary() are: * - wraps lines after 80 chars - * - indents lines without shortops + * - indents lines without shortopts * - does not accept formatstrings * * Contributed by Uli Fouquet @@ -5956,7 +5956,7 @@ int arg_nullcheck(void** argtable) { * that entry were still allocated ok. Those subsequent allocations will not be * deallocated by arg_free(). * Despite the unlikeliness of the problem occurring, and the even unlikelier event - * that it has any deliterious effect, it is fixed regardless by replacing arg_free() + * that it has any deleterious effect, it is fixed regardless by replacing arg_free() * with the newer arg_freetable() function. * We still keep arg_free() for backwards compatibility. */ 
diff --git a/argtable3.h b/argtable3.h index 487c22d..4785fff 100644 --- a/argtable3.h +++ b/argtable3.h @@ -87,7 +87,7 @@ typedef int(arg_comparefn)(const void* k1, const void* k2); * that particular arg_xxx arguments, performing post-parse checks, and * reporting errors. * These functions are private to the individual arg_xxx source code - * and are the pointer to them are initiliased by that arg_xxx struct's + * and are the pointer to them are initialised by that arg_xxx struct's * constructor function. The user could alter them after construction * if desired, but the original intention is for them to be set by the * constructor and left unaltered. @@ -95,7 +95,7 @@ typedef int(arg_comparefn)(const void* k1, const void* k2); typedef struct arg_hdr { char flag; /* Modifier flags: ARG_TERMINATOR, ARG_HASVALUE. */ const char* shortopts; /* String defining the short options */ - const char* longopts; /* String defiing the long options */ + const char* longopts; /* String defining the long options */ const char* datatype; /* Description of the argument data type */ const char* glossary; /* Description of the option as shown by arg_print_glossary function */ int mincount; /* Minimum number of occurences of this option accepted */ diff --git a/container-entrypoint.sh b/container-entrypoint.sh index 643fe88..a8d6e04 100755 --- a/container-entrypoint.sh +++ b/container-entrypoint.sh @@ -1,5 +1,4 @@ #!/bin/sh - # SPDX-License-Identifier: GPL2-or-later # # Copyright (C) 2023 Olliver Schinagl 
@@ -20,81 +19,79 @@ if [ "${#}" -le 0 ] || \ entrypoint='true' fi -############################################################################ - unconfigure_iptables() { - echo "Received SIG TERM/INT/KILL. Removing iptables / routing changes" + echo "Received SIG TERM/INT/KILL. Removing iptables / routing changes" - set +e # Don't exit if got error - set -x + set +e # Don't exit if got error + set -x - iptables -t raw -D PREROUTING ! -i lo -d 127.0.0.0/8 -j DROP - iptables -t mangle -D POSTROUTING ! -o lo -s 127.0.0.0/8 -j DROP + iptables -t raw -D PREROUTING ! -i lo -d 127.0.0.0/8 -j DROP + iptables -t mangle -D POSTROUTING ! -o lo -s 127.0.0.0/8 -j DROP - iptables -t nat -D OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f - iptables -t mangle -D OUTPUT ! -o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f + iptables -t nat -D OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f + iptables -t mangle -D OUTPUT ! -o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f - ip rule del fwmark 0x1 lookup 100 - ip route del local 0.0.0.0/0 dev lo table 100 + ip rule del fwmark 0x1 lookup 100 + ip route del local 0.0.0.0/0 dev lo table 100 - if [ $(cat /proc/sys/net/ipv6/conf/all/disable_ipv6) -eq 0 ]; then - ip6tables -t raw -D PREROUTING ! -i lo -d ::1/128 -j DROP - ip6tables -t mangle -D POSTROUTING ! -o lo -s ::1/128 -j DROP - ip6tables -t nat -D OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f - ip6tables -t mangle -D OUTPUT ! -o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f + if [ $(cat /proc/sys/net/ipv6/conf/all/disable_ipv6) -eq 0 ]; then + ip6tables -t raw -D PREROUTING ! -i lo -d ::1/128 -j DROP + ip6tables -t mangle -D POSTROUTING ! 
-o lo -s ::1/128 -j DROP + ip6tables -t nat -D OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f + ip6tables -t mangle -D OUTPUT ! -o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f - ip -6 rule del fwmark 0x1 lookup 100 - ip -6 route del local ::/0 dev lo table 100 - fi - - set -e - set +x + ip -6 rule del fwmark 0x1 lookup 100 + ip -6 route del local ::/0 dev lo table 100 + fi + + set -e + set +x } configure_iptables() { - echo "Configuring iptables and routing..." + echo "Configuring iptables and routing..." - set +e # Don't exit if got error - set -x - - iptables -t raw -A PREROUTING ! -i lo -d 127.0.0.0/8 -j DROP - iptables -t mangle -A POSTROUTING ! -o lo -s 127.0.0.0/8 -j DROP + set +e # Don't exit if got error + set -x + + iptables -t raw -A PREROUTING ! -i lo -d 127.0.0.0/8 -j DROP + iptables -t mangle -A POSTROUTING ! -o lo -s 127.0.0.0/8 -j DROP - iptables -t nat -A OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f - iptables -t mangle -A OUTPUT ! -o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f + iptables -t nat -A OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f + iptables -t mangle -A OUTPUT ! -o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f - ip rule add fwmark 0x1 lookup 100 - ip route add local 0.0.0.0/0 dev lo table 100 + ip rule add fwmark 0x1 lookup 100 + ip route add local 0.0.0.0/0 dev lo table 100 - if [ $(cat /proc/sys/net/ipv6/conf/all/disable_ipv6) -eq 0 ]; then - ip6tables -t raw -A PREROUTING ! -i lo -d ::1/128 -j DROP - ip6tables -t mangle -A POSTROUTING ! -o lo -s ::1/128 -j DROP - ip6tables -t nat -A OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f - ip6tables -t mangle -A OUTPUT ! 
-o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f + if [ $(cat /proc/sys/net/ipv6/conf/all/disable_ipv6) -eq 0 ]; then + ip6tables -t raw -A PREROUTING ! -i lo -d ::1/128 -j DROP + ip6tables -t mangle -A POSTROUTING ! -o lo -s ::1/128 -j DROP + ip6tables -t nat -A OUTPUT -m owner --uid-owner sslh -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CONNMARK --set-xmark 0x01/0x0f + ip6tables -t mangle -A OUTPUT ! -o lo -p tcp -m connmark --mark 0x01/0x0f -j CONNMARK --restore-mark --mask 0x0f - ip -6 rule add fwmark 0x1 lookup 100 - ip -6 route add local ::/0 dev lo table 100 - fi - - set -e - set +x + ip -6 rule add fwmark 0x1 lookup 100 + ip -6 route add local ::/0 dev lo table 100 + fi + + set -e + set +x } -for i in "$@" ; do - if [ "${i}" = "--transparent" ] ; then - echo "--transparent is set" - configure_iptables - trap unconfigure_iptables TERM INT KILL - break - fi +for _args in "${@}" ; do + if [ "${_args:-}" = '--transparent' ] ; then + echo '--transparent flag is set' + configure_iptables + trap unconfigure_iptables TERM INT KILL + break + fi done -#run command as sslh user -command="${entrypoint:+${bin}} ${@}" -echo "executing with user 'sslh': $command" +# Drop privileges and run as sslh user +sslh_cmd="${entrypoint:+${bin}} ${@}" +echo "Executing with user 'sslh': ${sslh_cmd}" -exec su - sslh -c "$command" & -wait $! +exec su - sslh -c "${sslh_cmd}" & +wait "${!}" -exit 0 \ No newline at end of file +exit 0 diff --git a/doc/FAQ.md b/doc/FAQ.md index 8e91c48..528c9d9 100644 --- a/doc/FAQ.md +++ b/doc/FAQ.md @@ -7,7 +7,7 @@ doesn't work, report how what was suggested here went. It's also worth reading [how to ask questions](http://www.catb.org/~esr/faqs/smart-questions.html) before posting on the mailing list or opening an issue in -Github. +GitHub. Getting more info ================= diff --git a/doc/config.md b/doc/config.md index 4a0029c..d215fcf 100644 --- a/doc/config.md +++ b/doc/config.md 
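Review bot: `configure_iptables` still runs under `set +e`, so if any `iptables`/`ip6tables` or `ip rule`/`ip route` command fails (for example because the container lacks the needed capability), the script carries on. It then starts sslh with `--transparent` but without the rules that drop non-loopback traffic addressed to 127.0.0.0/8 and ::1. I would fail closed on the rules that matter, e.g. `iptables -t raw -A PREROUTING ! -i lo -d 127.0.0.0/8 -j DROP || exit 1`, rather than relying on the `set -x` trace to reveal the failure. Separately, `trap unconfigure_iptables TERM INT KILL` names a signal that cannot be caught, so the cleanup never runs on SIGKILL and POSIX leaves trapping it undefined; `trap unconfigure_iptables TERM INT` with a matching echo text describes what actually happens.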
@@ -92,7 +92,7 @@ to the executable: sudo setcap cap_net_bind_service,cap_net_raw+pe sslh-select -Then you can run sslh-select as an unpriviledged user, e.g.: +Then you can run sslh-select as an unprivileged user, e.g.: sslh-select -p myname:443 --ssh localhost:22 --tls localhost:443 @@ -167,7 +167,7 @@ This parses the /etc/sslh.cfg (or /etc/sslh/sslh.cfg file if that exists instead) configuration file and dynamically generates a socket file to use. This will also merge with any sslh.socket.d drop in configuration but will be -overriden by a /etc/systemd/system/sslh.socket file. +overridden by a /etc/systemd/system/sslh.socket file. To use the generator place it in /usr/lib/systemd/system-generators and then call systemctl daemon-reload after any changes to /etc/sslh.cfg to generate @@ -196,7 +196,7 @@ will wait for incoming UDP packets, run the probes in the usual fashion, and forward packets to the appropriate target. `sslh` will then remember the association between remote host to target server for 60 seconds by default, -which can be overriden with `udp_timeout`. This allows to +which can be overridden with `udp_timeout`. This allows to process both single-datagram protocols such as DNS, and connection-based protocols such as QUIC. diff --git a/doc/tproxy.md b/doc/tproxy.md index 0a91773..057d720 100644 --- a/doc/tproxy.md +++ b/doc/tproxy.md @@ -60,7 +60,7 @@ this scheme -- let me know if you manage that: ip rule add fwmark 0x1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 -Tranparent proxying with IPv6 is similarly set up as follows: +Transparent proxying with IPv6 is similarly set up as follows: # Set route_localnet = 1 on all interfaces so that ssl can use "localhost" as destination # Not sure if this is needed for ipv6 though diff --git a/echosrv-conf.c b/echosrv-conf.c index dbd9b2e..87a46e4 100644 --- a/echosrv-conf.c +++ b/echosrv-conf.c 
@@ -365,7 +365,7 @@ static int clcpy(config_type type, void* target, const void* cl_arg) return 0; } -/* Copy the value of a string argument to arbitary memory +/* Copy the value of a string argument to arbitrary memory * location that must be large enough, converting on the way * (i.e. CFG_INT gets atoi() and so on) */ /* 0: success @@ -862,7 +862,7 @@ static int set_target_fields(void* target_addr, struct compound_cl_arg* arg, con if (pmatch[pmatch_cnt].rm_so == -1) { /* This should not happen as regexec() did * match before, unless there is a - * discrepency between the regex and the + * discrepancy between the regex and the * number of backreferences */ return 0; } @@ -1155,7 +1155,7 @@ static void scalar_to_string(char** strp, config_setting_t* s) /* Typesets all the settings in a configuration as a * newly-allocated string. The string management is caller's -* responsability. +* responsibility. * Returns the number of scalars in the configuration */ static int cfg_as_string(config_setting_t* parent, const char* path, char** strp) { diff --git a/echosrv.c b/echosrv.c index 3e69d4c..6b513eb 100644 --- a/echosrv.c +++ b/echosrv.c @@ -1,6 +1,6 @@ /* echosrv: a simple line echo server with optional prefix adding. * - * echsrv --listen localhost6:1234 --prefix "ssl: " + * echosrv --listen localhost6:1234 --prefix "ssl: " * * This will bind to 1234, and echo every line pre-pending "ssl: ". This is * used for testing: we create several such servers with different prefixes, diff --git a/genver.sh b/genver.sh index 5eec682..e164466 100755 --- a/genver.sh +++ b/genver.sh 
@@ -10,14 +10,14 @@ fi if [ ! -d .git ] || ! `(git status | grep -q "On branch") 2> /dev/null`; then # If we don't have git, we can't work out what # version this is. It must have been downloaded as a - # zip file. - + # zip file. + # If downloaded from the release page, the directory # has the version number. release=`pwd | sed s/.*sslh-// | grep "[[:digit:]]"` - + if [ "x$release" = "x" ]; then - # If downloaded from the head, Github creates the + # If downloaded from the head, GitHub creates the # zip file with all files dated from the last # change: use the Makefile's modification time as a # release number @@ -28,7 +28,7 @@ fi if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then # generate the version info based on the tag release=`(git describe --tags || git --describe || git describe --all --long) \ - 2>/dev/null | tr -d '\n'` + 2>/dev/null | tr -s '/' '-' | tr -d '\n'` # Are there uncommitted changes? git update-index --refresh --unmerged > /dev/null diff --git a/hashtest/run b/hashtest/run index 5817600..724d03a 100755 --- a/hashtest/run +++ b/hashtest/run @@ -5,7 +5,7 @@ # Tests scripts are in *.tst files. # Corresponding output is put in *.out. # Reference output is put in *.ref. -# Any discrepency will be reported! +# Any discrepancy will be reported! use strict; diff --git a/scripts/etc.sysconfig.sslh b/scripts/etc.sysconfig.sslh index 72d04b2..322fddf 100644 --- a/scripts/etc.sysconfig.sslh +++ b/scripts/etc.sysconfig.sslh @@ -18,7 +18,7 @@ #CONFIG=/etc/sslh.cfg # -# Extra option to pass on comand line +# Extra option to pass on command line # Those can supersede configuration file settings # #OPTIONS= diff --git a/scripts/fail2ban/sslh-ssh.conf b/scripts/fail2ban/sslh-ssh.conf index 45d2584..73a2efb 100644 --- a/scripts/fail2ban/sslh-ssh.conf +++ b/scripts/fail2ban/sslh-ssh.conf @@ -8,7 +8,7 @@ # but many connection attempts from the same # origin is reason enough to block. # -# Verion: 2014-03-28 +# Version: 2014-03-28 [INCLUDES] 
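Review bot: In the second genver.sh hunk the new `tr -s '/' '-'` does more than replace slashes: with `-s` it also squeezes every run of `-` in the describe output into a single dash. A tag containing `--` would therefore produce a version string that no longer matches the tag. If the intent is only to remove the slash that `git describe --all` puts in names like `heads/...`, `tr '/' '-'` is enough. The context line above still carries `git --describe`, which is not a valid git invocation and always falls through to the third alternative; it is probably worth correcting or dropping while this pipeline is being touched.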
diff --git a/sslh-conf.c b/sslh-conf.c index b60cfc1..7f81da8 100644 --- a/sslh-conf.c +++ b/sslh-conf.c @@ -365,7 +365,7 @@ static int clcpy(config_type type, void* target, const void* cl_arg) return 0; } -/* Copy the value of a string argument to arbitary memory +/* Copy the value of a string argument to arbitrary memory * location that must be large enough, converting on the way * (i.e. CFG_INT gets atoi() and so on) */ /* 0: success @@ -1818,7 +1818,7 @@ static int set_target_fields(void* target_addr, struct compound_cl_arg* arg, con if (pmatch[pmatch_cnt].rm_so == -1) { /* This should not happen as regexec() did * match before, unless there is a - * discrepency between the regex and the + * discrepancy between the regex and the * number of backreferences */ return 0; } @@ -2111,7 +2111,7 @@ static void scalar_to_string(char** strp, config_setting_t* s) /* Typesets all the settings in a configuration as a * newly-allocated string. The string management is caller's -* responsability. +* responsibility. * Returns the number of scalars in the configuration */ static int cfg_as_string(config_setting_t* parent, const char* path, char** strp) { diff --git a/t b/t index 4ef5b1d..63137cb 100755 --- a/t +++ b/t @@ -396,7 +396,7 @@ if ($RB_RESOLVE_ADDRESS) { my $sslh_pid; if (!($sslh_pid = fork)) { my $user = (getpwuid $<)[0]; # Run under current username - exec "./sslh-select -v 3 -f -u $user --listen blahblah.dontexist:9000 --ssh $ssh_address --tls $ssl_address -P $pidfile"; + exec "./sslh-select -v 3 -f -u $user --listen blahblah.nonexistent:9000 --ssh $ssh_address --tls $ssl_address -P $pidfile"; } warn "spawned $sslh_pid\n"; waitpid $sslh_pid, 0; diff --git a/udp-listener.c b/udp-listener.c index 54881e2..5aeb687 100644 --- a/udp-listener.c +++ b/udp-listener.c 
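Review bot: In the `t` hunk, `blahblah.nonexistent` is no more guaranteed to fail resolution than `blahblah.dontexist` was, because neither label is a reserved top-level domain. This block appears to exercise sslh's behaviour when the listen address cannot be resolved, so a resolver that answers for unknown names would make the test unreliable. The reserved `.invalid` TLD exists for exactly this case: `--listen blahblah.invalid:9000`. The enclosing `if ($RB_RESOLVE_ADDRESS)` block starts and ends outside the hunk.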
@@ -92,7 +92,7 @@ static void udp_protocol_list_init(void) } /* Configuration sanity check for UDP: - * - If there is a listening addres, there must be at least one target + * - If there is a listening address, there must be at least one target */ static void udp_sanity_check(void) { @@ -251,7 +251,7 @@ struct connection* udp_c2s_forward(int sockfd, struct loop_info* fd_info) ssize_t len; socklen_t addrlen; int res, target, out = -1; - char data[65536]; /* Theoritical max is 65507 (https://en.wikipedia.org/wiki/User_Datagram_Protocol). + char data[65536]; /* Theoretical max is 65507 (https://en.wikipedia.org/wiki/User_Datagram_Protocol). This will do. Dynamic allocation is possible with the MSG_PEEK flag in recvfrom(2), but that'd imply malloc/free overhead for each packet, when really 64K is not that much */ @@ -294,7 +294,7 @@ struct connection* udp_c2s_forward(int sockfd, struct loop_info* fd_info) res = new_source(fd_info->hash_sources, cnx); if (res == -1) { - print_message(msg_connections_error, "Out of hash space for new incoming UDP connection -- increaѕe udp_max_connections"); + print_message(msg_connections_error, "Out of hash space for new incoming UDP connection -- increase udp_max_connections"); collection_remove_cnx(collection, cnx); return NULL; }