58 Commits

Author SHA1 Message Date
Sergey Fedorov
eccf7dbdc4 common.h: add a declaration of hosts_ctl for macOS
Fixes: https://github.com/yrutschle/sslh/issues/492
2025-04-08 21:40:58 +02:00
Yves Rutschle
24c3bb07a0 add support for proxyprotocol v1 on backend server side 2025-03-09 18:49:17 +01:00
Yves Rutschle
5a0897c5cb refactor: connect_addr() update the *cnx object upon connecting to backend server, instead of each caller doing it 2025-03-09 09:43:41 +01:00
yrutschle
fabf0a121c actually include config.h 2025-02-19 08:59:17 +01:00
Yves Rutschle
bf082292c2 new is_unix field to create listen unix sockets 2024-12-22 23:54:14 +01:00
Sergey Ponomarev
ae7530e33f Fix Narrowing conversion from 'ssize_t' to signed type 'int' is implementation-defined 2024-04-13 20:25:18 +02:00
Yves Rűtschlé
b94060ad76 undef FD_SETSIZE to avoid compiler warning upon redefine 2024-03-15 15:09:39 +01:00
Yves Rutschle
b65f1e8b26 Merged Landlock feature 2023-12-09 14:13:07 +01:00
Yves Rűtschlé
8930ec395e Initial support for the landlock LSM 2023-08-29 17:20:51 +02:00
rnhmjoj
33129481cf
fix handling of IPv6 UDP connections
Problem:
IPv6 addresses are 4 bytes long and don't fit inside a `sockaddr`, so
`recvfrom` will truncate the address to the first half.
When generating a reply, the remaining half of the address is filled
with garbage and the packet is subsequently delivered to the wrong host,
if not immediately dropped.

Solution:
replace `sockaddr` with `sockaddr_storage`, the latter is guaranteed to
be large enough to hold an IPv6 address and pointers can be cast to
`sockaddr *` when needed.
2023-08-22 11:44:09 +02:00
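The truncation this commit message describes, as an added example that is not part of sslh: an IPv6 socket address is 16 bytes, so a `struct sockaddr_in6` is larger than the 16-byte generic `struct sockaddr`, while `struct sockaddr_storage` is sized to hold any address family. The peer address is a constructed sample and `copy_peer_addr()` is a constructed stand-in for the part of `recvfrom()` that copies the peer address, so the code runs without a network; `reply_to_peer()` is the guard a practitioner would add around the real `sendto()`.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/*
 * recvfrom() stores at most *addrlen bytes of the peer address in the
 * caller's buffer and then overwrites *addrlen with the address's real
 * length, so a returned length larger than the buffer means the address
 * was truncated. This helper reproduces that contract on an in-memory
 * address (constructed stand-in, not a kernel call).
 */
static void copy_peer_addr(const struct sockaddr *src, socklen_t srclen,
                           struct sockaddr *dst, socklen_t *dstlen)
{
    socklen_t n = srclen < *dstlen ? srclen : *dstlen;
    memcpy(dst, src, n);
    *dstlen = srclen;
}

/* Constructed sample peer: a documentation-range IPv6 address, port 5353. */
static socklen_t sample_peer(struct sockaddr_in6 *sin6)
{
    memset(sin6, 0, sizeof *sin6);
    sin6->sin6_family = AF_INET6;
    sin6->sin6_port = htons(5353);
    inet_pton(AF_INET6, "2001:db8::1234:5678:9abc:def0", &sin6->sin6_addr);
    return (socklen_t)sizeof *sin6;
}

/* How many of the 16 IPv6 address bytes survive in a plain struct sockaddr:
 * everything past sizeof(struct sockaddr) is cut off. */
size_t ipv6_bytes_kept_in_sockaddr(void)
{
    size_t off = offsetof(struct sockaddr_in6, sin6_addr);
    size_t kept = sizeof(struct sockaddr) > off ? sizeof(struct sockaddr) - off : 0;
    return kept > 16 ? 16 : kept;
}

/* Old pattern: the address buffer is a struct sockaddr.
 * Returns 1 if the stored address is intact, 0 if it was truncated. */
int receive_into_sockaddr(void)
{
    struct sockaddr_in6 peer;
    socklen_t peerlen = sample_peer(&peer);
    struct sockaddr buf;
    socklen_t len = sizeof buf;

    copy_peer_addr((struct sockaddr *)&peer, peerlen, &buf, &len);
    return len <= sizeof buf;   /* 0: sizeof(sockaddr_in6) > sizeof(sockaddr) */
}

/* Fixed pattern: struct sockaddr_storage, cast to struct sockaddr * at the call.
 * Returns 1 when the full address fits and matches the sample byte for byte. */
int receive_into_storage(void)
{
    struct sockaddr_in6 peer;
    socklen_t peerlen = sample_peer(&peer);
    struct sockaddr_storage buf;
    socklen_t len = sizeof buf;

    copy_peer_addr((struct sockaddr *)&peer, peerlen,
                   (struct sockaddr *)&buf, &len);
    return len <= sizeof buf && memcmp(&buf, &peer, peerlen) == 0;   /* 1 */
}

/* Reply-side guard: never answer to an address that did not fit the buffer,
 * since the tail of the struct would be whatever was in memory before.
 * Fails with EMSGSIZE instead of delivering the datagram to the wrong host. */
ssize_t reply_to_peer(int fd, const void *data, size_t n,
                      const struct sockaddr_storage *peer, socklen_t peerlen)
{
    if (peerlen > sizeof *peer) {
        errno = EMSGSIZE;
        return -1;
    }
    return sendto(fd, data, n, 0, (const struct sockaddr *)peer, peerlen);
}
```

The check in `reply_to_peer()` is cheap and catches the same class of bug for any address family that outgrows the buffer, so it is worth keeping even after the buffer is widened to `struct sockaddr_storage`.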
yrutschle
449fabba51 linked list sorted by timeout times 2022-04-24 18:35:09 +02:00
yrutschle
50f5af394b remove obsolete declaration 2022-04-18 22:55:15 +02:00
yrutschle
1e0578c082 don't log to syslog when testing 2022-03-18 18:02:32 +01:00
yrutschle
b0aeeff465 Include log header before defining macros that depend on log levels. (fix #308) 2021-10-04 09:11:41 +02:00
yrutschle
c9eff6e38d removed obsolete declarations 2021-10-03 17:25:31 +02:00
yrutschle
4f0f5017bc remove obsolete prototype 2021-09-27 12:55:57 +02:00
yrutschle
70b31a48d9 migrate generic system call failure checks to new log system 2021-09-27 12:53:41 +02:00
yrutschle
66caf8a31b remove log_message 2021-09-27 12:51:37 +02:00
yrutschle
4a6bbda60d remove obsolete usage string and add lost version option 2021-08-24 14:10:14 +02:00
yrutschle
e7df8eeaa1 removed static known_source arrays, UDP connections are now managed dynamically 2021-07-07 19:58:08 +02:00
yrutschle
862e33cfec moved UDP support from sslh-fork to sslh-select 2021-07-01 22:44:35 +02:00
yrutschle
1ad450a444 sslh-select sets O_NONBLOCK *before* calling connect, which prevents hanging on an unresponsive server (fix #258) 2021-05-28 13:38:45 +02:00
yrutschle
8e130882fc sslh-fork drops all capabilities after connecting to server side 2021-05-09 15:46:25 +02:00
yrutschle
49c136691c refactor: move UDP code to its own file 2021-02-23 21:17:39 +01:00
yrutschle
c12f7a1ade abstract listening sockets so we have protocol information alongside the socket 2020-11-07 22:31:49 +01:00
yrutschle
8a1dae8c22 refactor: move local address resolution into start_listen_socket 2020-11-07 18:55:04 +01:00
Niobos
0380a4309f Change process name to indicate task of process 2019-09-05 16:40:59 +02:00
yrutschle
3aa245efa5 separate connection information creation from log emission 2019-09-05 15:48:33 +02:00
yrutschle
d5baed3f18 Fix fd2fd return value which should not be -1 on error 2019-05-13 15:21:22 +02:00
yrutschle
4e725e1520 added TFO for listening socket 2019-03-10 10:11:06 +01:00
Craig Andrews
0a880ea607
Use TCP Fast Open for client sockets
Set the TCP_FASTOPEN_CONNECT option on client sockets to signal desire to use TCP Fast Open.

See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19f6d3f3c8422d65b5e3d2162e30ef07c6e21ea2
2019-03-09 21:18:36 -05:00
yrutschle
dbc0667ad3 removed obsolete declarations 2018-12-08 22:55:03 +01:00
yrutschle
33ab9d535d code cleanup and adaptation of regex probe 2018-12-04 23:11:04 +01:00
yrutschle
e7ce929020 config file now read to struct with c2s; command line no longer works 2018-11-29 11:56:33 +01:00
Michael Santos
8ce2b2ea05 Check memory allocations succeed 2018-06-18 10:35:28 -04:00
Yves Rutschlé
c8c6688d16 add file and line number upon error messages 2018-01-10 22:10:19 +00:00
Yves Rutschlé
7bf3e12c30 Don't clobber data in libconfig space, copy it before
changing it. So far it worked, but really that's not
respecting the contract.
2018-01-07 16:43:50 +00:00
Mike Frysinger
0fb4c6b2ad add chroot support
This allows people to chroot sslh into a path to further harden it.

We have to rework the user logic a bit because we need to look up
the user details *before* we chroot (as we need to read /etc/passwd
files), but do the actual priv dropping *after* we chroot (so we
have permission to make the actual chroot call).

Similarly, we need to open the syslog before we drop privs because
/dev/log won't be available inside the chroot.
2018-01-03 10:19:59 -05:00
Yves Rutschle
aa06261d70 added syslog_facility option 2017-07-21 22:46:24 +02:00
Yves Rutschle
00d5872aa1 ignore brackets in hostname in config files 2017-04-21 22:33:02 +02:00
Yves Rutschle
067f5d7646 Revert "clarify no space after -F (issue 108)"
This reverts commit f02ce3821c018719536971dbb1bc1ed1517530a2.

That commit accidentally imported code that broke transparent
proxying.
2017-01-08 12:54:34 +01:00
Yves Rutschlé
f02ce3821c clarify no space after -F (issue 108) 2016-11-06 19:44:47 +00:00
Yves Rutschle
555005f455 Complies with DCL37-C (Issue 59) 2016-01-26 18:49:57 +01:00
Yves Rutschle
6bcb5c83f2 libcap support: print out process capabilities at startup if verbose 2014-02-09 21:39:27 +01:00
Yves Rutschle
67c34a7460 set IP_FREEBIND if available to bind to non-existent interfaces 2014-02-09 13:29:49 +01:00
Ondřej Kuzník
e4fb8b8496 defered -> deferred 2013-09-28 20:42:04 +02:00
Ondřej Kuzník
d7bbec0dc7 Simplify function signatures 2013-09-28 20:21:48 +02:00
Ondřej Kuzník
dbafd6510d Allow probes to say they cannot decide yet 2013-09-28 20:21:47 +02:00
Jason Cooper
f36eb7be39 version.h: dynamically create version number based on git
When building the source from a checked out tag, e.g. v1.15, VERSION will
equal v1.15.  However, when building from anything other than a tagged
version, you get 'v1.15-4-g50432d5-dirty' meaning I was 4 patches in
front of v1.15, particularly '50432d5' was my current HEAD, and I had
uncommitted changes, '-dirty'.

Very useful for folks submitting bug reports on versions they compiled
themselves.

Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2013-09-16 21:56:45 +02:00
Jason Cooper
c6adb6a1e1 remove unneeded executable permissions on source files
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2013-09-16 21:56:38 +02:00