Merge pull request #323 from milkpirate/feat/resolve-on-connect

Feat/resolve on connect
2025-04-13 07:37:15 +03:00 · 2022-03-23 21:26:25 +01:00 · 2022-03-23 21:26:25 +01:00 · a71de786d6
commit a71de786d6
parent dd167d13a3 78bc954769
4 changed files with 17 additions and 3 deletions
--- a/common.c
+++ b/common.c
@ -319,6 +319,11 @@ int connect_addr(struct connection *cnx, int fd_from, connect_blocking blocking)
    res = getpeername(fd_from, from.ai_addr, &from.ai_addrlen);
    CHECK_RES_RETURN(res, "getpeername", res);

+    if (cnx->proto->resolve_on_forward) {
+        resolve_split_name(&(cnx->proto->saddr), cnx->proto->host,
+                           cnx->proto->port);
+    }
+
    for (a = cnx->proto->saddr; a; a = a->ai_next) {
        /* When transparent, make sure both connections use the same address family */
        if (transparent && a->ai_family != from.ai_addr->sa_family)
--- a/example.cfg
+++ b/example.cfg
@ -60,6 +60,8 @@ listen:
 #   fork: Should a new process be forked for this protocol?
 #         (only useful for sslh-select)
 #   tfo_ok: Set to true if the server supports TCP FAST OPEN
+#   resolve_on_forward: Set to true if server address should be resolved on
+#         (every) newly incoming connection (again)
 #   transparent: Set to true to proxy this protocol
 #         transparently (server sees the remote client IP
 #         address). Same as the global option, but per-protocol
--- a/sslh-main.c
+++ b/sslh-main.c
@ -124,8 +124,13 @@ static void config_protocols()
    int i;
    for (i = 0; i < cfg.protocols_len; i++) {
        struct sslhcfg_protocols_item* p = &(cfg.protocols[i]);
-        if (resolve_split_name(&(p->saddr), p->host, p->port)) {
-            print_message(msg_config_error, "cannot resolve %s:%s\n", p->host, p->port);
+
+        if (
+            !p->resolve_on_forward &&
+            resolve_split_name(&(p->saddr), p->host, p->port)
+        ) {
+            print_message(msg_config_error, "cannot resolve %s:%s\n",
+                          p->host, p->port);
            exit(4);
        }

--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@ -108,8 +108,10 @@ config: {
                    { name: "fork"; type: "bool"; default: false },
                    { name: "tfo_ok"; type: "bool"; default: false;
                        description: "Set to true if this protocol supports TCP FAST OPEN" },
-                    { name: "transparent"; type: "bool"; default: false; 
+                    { name: "transparent"; type: "bool"; default: false;
                        description: "Set to proxy this protocol transparently" },
+                    { name: "resolve_on_forward"; type: "bool"; default: false;
+                        description: "Set to true if server address should be resolved on (every) newly incoming connection (again)" },
                    { name: "log_level"; type: "int"; default: 1 },
                    { name: "keepalive"; type: "bool"; default: false },
                    { name: "sni_hostnames",