diff --git a/common.c b/common.c index 131a10b..dece661 100644 --- a/common.c +++ b/common.c @@ -323,15 +323,14 @@ int connect_addr(struct connection *cnx, int fd_from, connect_blocking blocking) /* When transparent, make sure both connections use the same address family */ if (transparent && a->ai_family != from.ai_addr->sa_family) continue; - if (cfg.verbose) - fprintf(stderr, "connecting to %s family %d len %d\n", + print_message(msg_connections_try, "trying to connect to %s family %d len %d\n", sprintaddr(buf, sizeof(buf), a), a->ai_addr->sa_family, a->ai_addrlen); /* XXX Needs to match ai_family from fd_from when being transparent! */ fd = socket(a->ai_family, SOCK_STREAM, 0); if (fd == -1) { - log_message(LOG_ERR, "forward to %s failed:socket: %s\n", + print_message(msg_connections_error, "forward to %s failed:socket: %s\n", cnx->proto->name, strerror(errno)); } else { one = 1; @@ -351,7 +350,7 @@ int connect_addr(struct connection *cnx, int fd_from, connect_blocking blocking) /* EINPROGRESS indicates it might take time. If it eventually * fails, it'll be caught as a failed read */ if ((res == -1) && (errno != EINPROGRESS)) { - log_message(LOG_ERR, "forward to %s failed:connect: %s\n", + print_message(msg_connections_error, "forward to %s failed:connect: %s\n", cnx->proto->name, strerror(errno)); close(fd); continue; /* Try the next address */ @@ -371,9 +370,8 @@ int defer_write(struct queue *q, void* data, int data_size) { char *p; ptrdiff_t data_offset = q->deferred_data - q->begin_deferred_data; - if (cfg.verbose) - fprintf(stderr, "**** writing deferred on fd %d\n", q->fd); + print_message(msg_fd, "writing deferred on fd %d\n", q->fd); p = realloc(q->begin_deferred_data, data_offset + q->deferred_data_size + data_size); CHECK_ALLOC(p, "realloc"); 
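Review bot: The `sprintaddr(buf, sizeof(buf), a)` argument of the new `print_message(msg_connections_try, …)` call is now built for every candidate address, because the `if (cfg.verbose)` guard was dropped. If print_message is an ordinary function that checks the level itself (its definition is not in this diff), that formatting cost is paid even with `verbose-connections-try` at its default of 0. A cheap guard such as `if (cfg.verbose_connections_try)` in front of the call would avoid it. Separately, `a->ai_addrlen` is a `socklen_t` but is printed with `%d`; an explicit `(int)a->ai_addrlen` keeps the format and argument types matched. connect_addr's body starts and ends outside the hunk.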
@@ -394,8 +392,7 @@ int flush_deferred(struct queue *q) { int n; - if (cfg.verbose) - fprintf(stderr, "flushing deferred data to fd %d\n", q->fd); + print_message(msg_fd, "flushing deferred data to fd %d\n", q->fd); n = write(q->fd, q->deferred_data, q->deferred_data_size); if (n == -1) @@ -570,7 +567,7 @@ void resolve_name(struct addrinfo **out, char* fullname) /* Find port */ char *sep = strrchr(fullname, ':'); if (!sep) { /* No separator: parameter is just a port */ - fprintf(stderr, "%s: names must be fully specified as hostname:port\n", fullname); + print_message(msg_config_error, "%s: names must be fully specified as hostname:port\n", fullname); exit(1); } serv = sep+1; @@ -580,9 +577,9 @@ void resolve_name(struct addrinfo **out, char* fullname) res = resolve_split_name(out, host, serv); if (res) { - fprintf(stderr, "%s `%s'\n", gai_strerror(res), fullname); + print_message(msg_config_error, "%s `%s'\n", gai_strerror(res), fullname); if (res == EAI_SERVICE) - fprintf(stderr, "(Check you have specified all ports)\n"); + print_message(msg_config_error, "(Check you have specified all ports)\n"); exit(4); } } @@ -664,8 +661,7 @@ int check_access_rights(int in_socket, const char* service) /* extract peer address */ res = getnameinfo(&peer.saddr, size, addr_str, sizeof(addr_str), NULL, 0, NI_NUMERICHOST); if (res) { - if (cfg.verbose) - fprintf(stderr, "getnameinfo(NI_NUMERICHOST):%s\n", gai_strerror(res)); + print_message(msg_system_error, "getnameinfo(NI_NUMERICHOST):%s\n", gai_strerror(res)); strcpy(addr_str, STRING_UNKNOWN); } /* extract peer name */ 
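Review bot: Both fatal paths in resolve_name now report only through `print_message(msg_config_error, …)`, before `exit(1)` in the `@@ -570` hunk and before `exit(4)` in the `@@ -580` hunk, where the removed `fprintf(stderr, …)` calls were unconditional. With `verbose-config-error` set to 0 the process would end with a bare exit status and no diagnostic; the same would happen if resolve_name can run before that setting has been loaded, which is not visible here. Messages that immediately precede `exit()` are worth keeping unconditional, for instance by retaining the direct `fprintf(stderr, "%s `%s'\n", gai_strerror(res), fullname);` form for them, or by documenting that this class must not be silenced. resolve_name's body extends beyond both hunks.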
@@ -673,15 +669,12 @@ int check_access_rights(int in_socket, const char* service) if (!cfg.numeric) { res = getnameinfo(&peer.saddr, size, host, sizeof(host), NULL, 0, NI_NAMEREQD); if (res) { - if (cfg.verbose) - fprintf(stderr, "getnameinfo(NI_NAMEREQD):%s\n", gai_strerror(res)); + print_message(msg_system_error, "getnameinfo(NI_NAMEREQD):%s\n", gai_strerror(res)); } } if (!hosts_ctl(service, host, addr_str, STRING_UNKNOWN)) { - if (cfg.verbose) - fprintf(stderr, "access denied\n"); - log_message(LOG_INFO, "connection from %s(%s): access denied", host, addr_str); + print_message(msg_connections, "connection from %s(%s): access denied", host, addr_str); close(in_socket); return -1; } diff --git a/log.c b/log.c index eb89515..217d86e 100644 --- a/log.c +++ b/log.c @@ -56,12 +56,29 @@ msg_info msg_system_error = { &cfg.verbose_system_error }; - msg_info msg_packets = { LOG_INFO, &cfg.verbose_packets }; +/* additional info when attempting outgoing connections */ +msg_info msg_connections_try = { + LOG_DEBUG, + &cfg.verbose_connections_try +}; + +/* Connection information and failures (e.g. forbidden by policy) */ +msg_info msg_connections = { + LOG_INFO, + &cfg.verbose_connections +}; + +/* Connection failures, e.g. target server not present */ +msg_info msg_connections_error = { + LOG_ERR, + &cfg.verbose_connections_error +}; + diff --git a/log.h b/log.h index 563d217..7d2ea7a 100644 --- a/log.h +++ b/log.h @@ -22,4 +22,8 @@ extern msg_info msg_packets; extern msg_info msg_int_error; extern msg_info msg_system_error; +extern msg_info msg_connections_try; +extern msg_info msg_connections_error; +extern msg_info msg_connections; + #endif /* LOG_H */ diff --git a/sslh-conf.c b/sslh-conf.c index 1abebb6..e280054 100644 --- a/sslh-conf.c +++ b/sslh-conf.c 
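Review bot: The hosts_ctl() denial is now emitted only through `print_message(msg_connections, …)`, so a rejected peer is recorded only when `verbose-connections` enables it, whereas the removed `log_message(LOG_INFO, …)` appears to have logged it regardless of verbosity. Denials are the entries an operator needs when reviewing access-control decisions, and they now share one switch and the LOG_INFO priority with routine connection tracing (the log.c comment for msg_connections groups them explicitly); a dedicated message class or a higher priority would let them stay on when tracing is turned down. The format string also lacks the trailing `\n` that the other converted calls carry: `"connection from %s(%s): access denied\n"`. `host` is filled from a reverse lookup when `cfg.numeric` is off, so the logged name is controlled by whoever owns the peer's PTR record and should be read as untrusted. check_access_rights begins before and continues after the hunk.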
@@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 19 21:54:06 2021. + * on Sun Sep 26 15:51:02 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle @@ -446,6 +446,7 @@ struct arg_file* sslhcfg_conffile; struct arg_int* sslhcfg_verbose_config; struct arg_int* sslhcfg_verbose_config_error; struct arg_int* sslhcfg_verbose_connections; + struct arg_int* sslhcfg_verbose_connections_try; struct arg_int* sslhcfg_verbose_connections_error; struct arg_int* sslhcfg_verbose_fd; struct arg_int* sslhcfg_verbose_packets; @@ -791,7 +792,7 @@ static struct config_desc table_sslhcfg_listen[] = { }, { 0 } }; - + static struct config_desc table_sslhcfg[] = { @@ -843,6 +844,22 @@ static struct config_desc table_sslhcfg[] = { /* default_val*/ .default_val.def_int = 3 }, + { + /* name */ "verbose_connections_try", + /* type */ CFG_INT, + /* sub_group*/ NULL, + /* arg_cl */ & sslhcfg_verbose_connections_try, + /* base_addr */ NULL, + /* offset */ offsetof(struct sslhcfg_item, verbose_connections_try), + /* offset_len */ 0, + /* offset_present */ 0, + /* size */ sizeof(int), + /* array_type */ -1, + /* mandatory */ 0, + /* optional */ 0, + /* default_val*/ .default_val.def_int = 0 + }, + { /* name */ "verbose_connections_error", /* type */ CFG_INT, @@ -1259,7 +1276,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: listen */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_listen, - .base_entry = & table_sslhcfg [21], + .base_entry = & table_sslhcfg [22], .targets = sslhcfg_listen_targets, @@ -1271,7 +1288,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: ssh */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_ssh, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_ssh_targets, 
@@ -1283,7 +1300,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tls */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tls, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_tls_targets, @@ -1295,7 +1312,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: openvpn */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_openvpn, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_openvpn_targets, @@ -1307,7 +1324,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: tinc */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_tinc, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_tinc_targets, @@ -1319,7 +1336,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: xmpp */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_xmpp, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_xmpp_targets, @@ -1331,7 +1348,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: http */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_http, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_http_targets, @@ -1343,7 +1360,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: adb */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_adb, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_adb_targets, @@ -1355,7 +1372,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: socks5 */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_socks5, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_socks5_targets, 
@@ -1367,7 +1384,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: syslog */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_syslog, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_syslog_targets, @@ -1379,7 +1396,7 @@ static struct compound_cl_arg compound_cl_args[] = { { /* arg: anyprot */ .regex = "(.+):(\\w+)", .arg_cl = & sslhcfg_anyprot, - .base_entry = & table_sslhcfg [22], + .base_entry = & table_sslhcfg [23], .targets = sslhcfg_anyprot_targets, @@ -2047,6 +2064,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) sslhcfg_verbose_config = arg_intn(NULL, "verbose-config", "", 0, 1, ""), sslhcfg_verbose_config_error = arg_intn(NULL, "verbose-config-error", "", 0, 1, ""), sslhcfg_verbose_connections = arg_intn(NULL, "verbose-connections", "", 0, 1, ""), + sslhcfg_verbose_connections_try = arg_intn(NULL, "verbose-connections-try", "", 0, 1, ""), sslhcfg_verbose_connections_error = arg_intn(NULL, "verbose-connections-error", "", 0, 1, ""), sslhcfg_verbose_fd = arg_intn(NULL, "verbose-fd", "", 0, 1, ""), sslhcfg_verbose_packets = arg_intn(NULL, "verbose-packets", "", 0, 1, ""), @@ -2230,6 +2248,9 @@ void sslhcfg_fprint( fprintf(out, "verbose_connections: %d", sslhcfg->verbose_connections); fprintf(out, "\n"); indent(out, depth); + fprintf(out, "verbose_connections_try: %d", sslhcfg->verbose_connections_try); + fprintf(out, "\n"); + indent(out, depth); fprintf(out, "verbose_connections_error: %d", sslhcfg->verbose_connections_error); fprintf(out, "\n"); indent(out, depth); diff --git a/sslh-conf.h b/sslh-conf.h index f51ae62..ad4a3e2 100644 --- a/sslh-conf.h +++ b/sslh-conf.h @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Sun Sep 19 21:54:06 2021. + * on Sun Sep 26 15:51:02 2021. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2021 Yves Rutschle 
@@ -77,6 +77,7 @@ struct sslhcfg_item { int verbose_config; int verbose_config_error; int verbose_connections; + int verbose_connections_try; int verbose_connections_error; int verbose_fd; int verbose_packets; diff --git a/sslhconf.cfg b/sslhconf.cfg index 8e89324..57fedc4 100644 --- a/sslhconf.cfg +++ b/sslhconf.cfg @@ -28,6 +28,7 @@ config: { { name: "verbose-config"; type: "int"; default: 0; }, { name: "verbose-config-error"; type: "int"; default: 3; }, { name: "verbose-connections"; type: "int"; default: 3; }, + { name: "verbose-connections-try"; type: "int"; default: 0; }, { name: "verbose-connections-error"; type: "int"; default: 3; }, { name: "verbose-fd"; type: "int"; default: 0; }, { name: "verbose-packets"; type: "int"; default: 0; }, diff --git a/test.cfg b/test.cfg index 8a83312..2b95c65 100644 --- a/test.cfg +++ b/test.cfg @@ -22,6 +22,9 @@ syslog_facility: "auth"; verbose-packets: 3; # hexdump packets on which probing is done #verbose-system-error: 3; # system call problem, i.e. malloc, fork, failing #verbose-int-error: 3; # internal errors, the kind that should never happen +#verbose-connections-try: 3; # connection attempts towards targets +#verbose-connections: 3; # trace established incoming address to forward address +# verbose-connections-error: 3; # connection errors # List of interfaces on which we should listen # Options: