third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-06-06 02:13:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

remove --verbose option

Browse Source
This commit is contained in:
yrutschle 2021-09-27 13:28:21 +02:00
parent c8fce0a02f
commit caa62875c1
8 changed files with 50 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -1,3 +1,14 @@
vNEXT:
New log system: instead of --verbose with arbitrary
levels, there are now several message classes. Each
message class can be set to go to stderr, syslog, or
both. Classes are documented in example.cfg.
inetd merges stderr output to what is sent to the
client, which is a security issue as it might give
information to an attacker. When inetd is activated,
stderr is forcibly closed.
v1.22: 17AUG2021 v1.22: 17AUG2021
sslh-select now supports UDP protocols. sslh-select now supports UDP protocols.
Probes specified in the `protocols` Probes specified in the `protocols`

16
example.cfg
View File

@ -12,11 +12,21 @@ user: "nobody";
pidfile: "/var/run/sslh.pid"; pidfile: "/var/run/sslh.pid";
chroot: "/var/empty"; chroot: "/var/empty";
verbose: 0;
# Logging configuration # Logging configuration
# Value: 1: stdout; 2: syslog; 3: both # Value: 1: stdout; 2: syslog; 3: both
verbose-config: 0; # config: print configuration at startup # Defaults are indicated here, and should be sensible. Generally, you want *-error
# to be always enabled, to know if something is going wrong.
verbose-config: 0; # print configuration at startup
verbose-config-error: 3; # print configuration errors
verbose-connections: 3; # trace established incoming address to forward address
verbose-connections-error: 3; # connection errors
verbose-connections-try: 0; # connection attempts towards targets
verbose-fd: 0; # file descriptor activity, open/close/whatnot
verbose-packets: 0; # hexdump packets on which probing is done
verbose-probe-info: 0; # what's happening during the probe process
verbose-probe-error: 3; # failures and problems during probing
verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing
verbose-int-error: 3; # internal errors, the kind that should never happen
# Specify which syslog facility to use (names for your # Specify which syslog facility to use (names for your

6
probe.c
View File

@ -350,10 +350,8 @@ int probe_buffer(char* buf, int len, struct sslhcfg_protocols_item** proto)
struct sslhcfg_protocols_item* p; struct sslhcfg_protocols_item* p;
int i, res, again = 0; int i, res, again = 0;
if (cfg.verbose > 1) { print_message(msg_packets, "hexdump of incoming packet:\n");
print_message(msg_packets, "hexdump of incoming packet:\n"); hexdump(msg_packets, buf, len);
hexdump(msg_packets, buf, len);
}
*proto = NULL; *proto = NULL;
for (i = 0; i < cfg.protocols_len; i++) { for (i = 0; i < cfg.protocols_len; i++) {

47
sslh-conf.c
View File

@ -1,5 +1,5 @@
/* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
* on Sun Sep 26 16:54:06 2021. * on Mon Sep 27 13:21:48 2021.
# conf2struct: generate libconf parsers that read to structs # conf2struct: generate libconf parsers that read to structs
# Copyright (C) 2018-2021 Yves Rutschle # Copyright (C) 2018-2021 Yves Rutschle
@ -454,7 +454,6 @@ struct arg_file* sslhcfg_conffile;
struct arg_int* sslhcfg_verbose_probe_error; struct arg_int* sslhcfg_verbose_probe_error;
struct arg_int* sslhcfg_verbose_system_error; struct arg_int* sslhcfg_verbose_system_error;
struct arg_int* sslhcfg_verbose_int_error; struct arg_int* sslhcfg_verbose_int_error;
struct arg_int* sslhcfg_verbose;
struct arg_lit* sslhcfg_version; struct arg_lit* sslhcfg_version;
struct arg_lit* sslhcfg_foreground; struct arg_lit* sslhcfg_foreground;
struct arg_lit* sslhcfg_inetd; struct arg_lit* sslhcfg_inetd;
@ -794,7 +793,7 @@ static struct config_desc table_sslhcfg_listen[] = {
}, },
{ 0 } { 0 }
}; };
static struct config_desc table_sslhcfg[] = { static struct config_desc table_sslhcfg[] = {
@ -974,22 +973,6 @@ static struct config_desc table_sslhcfg[] = {
/* default_val*/ .default_val.def_int = 3 /* default_val*/ .default_val.def_int = 3
}, },
{
/* name */ "verbose",
/* type */ CFG_INT,
/* sub_group*/ NULL,
/* arg_cl */ & sslhcfg_verbose,
/* base_addr */ NULL,
/* offset */ offsetof(struct sslhcfg_item, verbose),
/* offset_len */ 0,
/* offset_present */ 0,
/* size */ sizeof(int),
/* array_type */ -1,
/* mandatory */ 1,
/* optional */ 0,
/* default_val*/ .default_val.def_int = 0
},
{ {
/* name */ "version", /* name */ "version",
/* type */ CFG_BOOL, /* type */ CFG_BOOL,
@ -1310,7 +1293,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: listen */ { /* arg: listen */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_listen, .arg_cl = & sslhcfg_listen,
.base_entry = & table_sslhcfg [24], .base_entry = & table_sslhcfg [23],
.targets = sslhcfg_listen_targets, .targets = sslhcfg_listen_targets,
@ -1322,7 +1305,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: ssh */ { /* arg: ssh */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_ssh, .arg_cl = & sslhcfg_ssh,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_ssh_targets, .targets = sslhcfg_ssh_targets,
@ -1334,7 +1317,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: tls */ { /* arg: tls */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_tls, .arg_cl = & sslhcfg_tls,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_tls_targets, .targets = sslhcfg_tls_targets,
@ -1346,7 +1329,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: openvpn */ { /* arg: openvpn */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_openvpn, .arg_cl = & sslhcfg_openvpn,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_openvpn_targets, .targets = sslhcfg_openvpn_targets,
@ -1358,7 +1341,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: tinc */ { /* arg: tinc */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_tinc, .arg_cl = & sslhcfg_tinc,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_tinc_targets, .targets = sslhcfg_tinc_targets,
@ -1370,7 +1353,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: xmpp */ { /* arg: xmpp */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_xmpp, .arg_cl = & sslhcfg_xmpp,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_xmpp_targets, .targets = sslhcfg_xmpp_targets,
@ -1382,7 +1365,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: http */ { /* arg: http */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_http, .arg_cl = & sslhcfg_http,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_http_targets, .targets = sslhcfg_http_targets,
@ -1394,7 +1377,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: adb */ { /* arg: adb */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_adb, .arg_cl = & sslhcfg_adb,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_adb_targets, .targets = sslhcfg_adb_targets,
@ -1406,7 +1389,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: socks5 */ { /* arg: socks5 */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_socks5, .arg_cl = & sslhcfg_socks5,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_socks5_targets, .targets = sslhcfg_socks5_targets,
@ -1418,7 +1401,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: syslog */ { /* arg: syslog */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_syslog, .arg_cl = & sslhcfg_syslog,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_syslog_targets, .targets = sslhcfg_syslog_targets,
@ -1430,7 +1413,7 @@ static struct compound_cl_arg compound_cl_args[] = {
{ /* arg: anyprot */ { /* arg: anyprot */
.regex = "(.+):(\\w+)", .regex = "(.+):(\\w+)",
.arg_cl = & sslhcfg_anyprot, .arg_cl = & sslhcfg_anyprot,
.base_entry = & table_sslhcfg [25], .base_entry = & table_sslhcfg [24],
.targets = sslhcfg_anyprot_targets, .targets = sslhcfg_anyprot_targets,
@ -2106,7 +2089,6 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg)
sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "<n>", 0, 1, ""), sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "<n>", 0, 1, ""),
sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "<n>", 0, 1, ""), sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "<n>", 0, 1, ""),
sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "<n>", 0, 1, ""), sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "<n>", 0, 1, ""),
sslhcfg_verbose = arg_intn("v", "verbose", "<n>", 0, 1, ""),
sslhcfg_version = arg_litn("V", "version", 0, 1, "Print version information and exit"), sslhcfg_version = arg_litn("V", "version", 0, 1, "Print version information and exit"),
sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"), sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"),
sslhcfg_inetd = arg_litn("i", "inetd", 0, 1, "Run in inetd mode: use stdin/stdout instead of network listen"), sslhcfg_inetd = arg_litn("i", "inetd", 0, 1, "Run in inetd mode: use stdin/stdout instead of network listen"),
@ -2308,9 +2290,6 @@ void sslhcfg_fprint(
fprintf(out, "verbose_int_error: %d", sslhcfg->verbose_int_error); fprintf(out, "verbose_int_error: %d", sslhcfg->verbose_int_error);
fprintf(out, "\n"); fprintf(out, "\n");
indent(out, depth); indent(out, depth);
fprintf(out, "verbose: %d", sslhcfg->verbose);
fprintf(out, "\n");
indent(out, depth);
fprintf(out, "version: %d", sslhcfg->version); fprintf(out, "version: %d", sslhcfg->version);
fprintf(out, "\n"); fprintf(out, "\n");
indent(out, depth); indent(out, depth);

3
sslh-conf.h
View File

@ -1,5 +1,5 @@
/* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
* on Sun Sep 26 16:54:06 2021. * on Mon Sep 27 13:21:48 2021.
# conf2struct: generate libconf parsers that read to structs # conf2struct: generate libconf parsers that read to structs
# Copyright (C) 2018-2021 Yves Rutschle # Copyright (C) 2018-2021 Yves Rutschle
@ -85,7 +85,6 @@ struct sslhcfg_item {
int verbose_probe_error; int verbose_probe_error;
int verbose_system_error; int verbose_system_error;
int verbose_int_error; int verbose_int_error;
int verbose;
int version; int version;
int foreground; int foreground;
int inetd; int inetd;

1
sslh-main.c
View File

@ -196,7 +196,6 @@ int main(int argc, char *argv[], char* envp[])
if (cfg.inetd) if (cfg.inetd)
{ {
cfg.verbose = 0;
close(fileno(stderr)); /* Make sure no error will go to client */ close(fileno(stderr)); /* Make sure no error will go to client */
start_shoveler(0); start_shoveler(0);
exit(0); exit(0);

1
sslhconf.cfg
View File

@ -39,7 +39,6 @@ config: {
{ name: "verbose-system-error"; type: "int"; default: 3; }, { name: "verbose-system-error"; type: "int"; default: 3; },
{ name: "verbose-int-error"; type: "int"; default: 3; }, { name: "verbose-int-error"; type: "int"; default: 3; },
{ name: "verbose"; type: "int"; short: "v" }, # to delete
{ name: "version"; type: "bool"; default: false; { name: "version"; type: "bool"; default: false;
short: "V"; short: "V";
description: "Print version information and exit"; }, description: "Print version information and exit"; },

20
test.cfg
View File

@ -1,7 +1,6 @@
# Configuration file for testing (use both by sslh under # Configuration file for testing (use both by sslh under
# test and the test script `t`) # test and the test script `t`)
verbose: 4;
foreground: true; foreground: true;
inetd: false; inetd: false;
numeric: true; numeric: true;
@ -15,16 +14,17 @@ syslog_facility: "auth";
# Value: 1: stdout; 2: syslog; 3: both # Value: 1: stdout; 2: syslog; 3: both
# Defaults should be sensible. Generally, you want *-error # Defaults should be sensible. Generally, you want *-error
# to be always enabled, to know if something is going wrong. # to be always enabled, to know if something is going wrong.
#verbose-config: 3; # config: print configuration at startup verbose-config: 3; # print configuration at startup
#verbose-config-error: 3; #config-error: print configuration errors verbose-config-error: 3; # print configuration errors
#verbose-connections: 3; #config-connections: track connections verbose-connections: 3; # trace established incoming address to forward address
#verbose-fd: 3; # file descriptor activity, open/close/whatnot verbose-connections-error: 3; # connection errors
verbose-connections-try: 3; # connection attempts towards targets
verbose-fd: 3; # file descriptor activity, open/close/whatnot
verbose-packets: 3; # hexdump packets on which probing is done verbose-packets: 3; # hexdump packets on which probing is done
#verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing verbose-probe-info: 3; # what's happening during the probe process
#verbose-int-error: 3; # internal errors, the kind that should never happen verbose-probe-error: 3; # failures and problems during probing
#verbose-connections-try: 3; # connection attempts towards targets verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing
#verbose-connections: 3; # trace established incoming address to forward address verbose-int-error: 3; # internal errors, the kind that should never happen
# verbose-connections-error: 3; # connection errors
# List of interfaces on which we should listen # List of interfaces on which we should listen
# Options: # Options: