90 Commits

Author SHA1 Message Date
Yves Rutschle
8166be1a09 Fix inetd mode (fix #399) 2024-05-16 21:30:11 +02:00
Sergey Ponomarev
ae7530e33f Fix Narrowing conversion from 'ssize_t' to signed type 'int' is implementation-defined 2024-04-13 20:25:18 +02:00
Yves Rutschle
b65f1e8b26 Merged Landlock feature 2023-12-09 14:13:07 +01:00
Yves Rutschle
0562eb4b07 fix resolve_on_forward use (fix #405) 2023-09-06 15:48:13 +02:00
Yves Rűtschlé
8930ec395e Initial support for the landlock LSM 2023-08-29 17:20:51 +02:00
Toni Uhlig
b971f3edcd
add wireguard probe
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-08-26 12:27:44 +02:00
Toni Uhlig
a6c5e07d69
add some config sanity checks, fixes #307
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-08-13 22:18:26 +02:00
yrutschle
a4db163a69 config sanity check that there is at least one target protocol for each family that we listen to (fix #336) 2022-07-10 21:16:41 +02:00
yrutschle
d23a537d62 regenerate c2s files 2022-04-30 09:56:08 +02:00
lns
f9831df8bc Added support for logging to a file.
* Added ASAN/LSAN/UBSAN support via Makefile
* Fixed a memory leak

Signed-off-by: lns <matzeton@googlemail.com>
2022-04-28 15:19:18 +02:00
yrutschle
449fabba51 linked list sorted by timeout times 2022-04-24 18:35:09 +02:00
yrutschle
35036c94c7 make UDP hash size configurable 2022-04-10 09:03:53 +02:00
Paul Schroeder
78bc954769
review
Signed-off-by: Paul Schroeder <milkpirate@users.noreply.github.com>
2022-03-19 23:18:29 +01:00
Paul Schroeder
87577ae5f6
add functionality
Signed-off-by: Paul Schroeder <milkpirate@users.noreply.github.com>
2022-03-18 17:59:54 +01:00
yrutschle
caa62875c1 remove --verbose option 2021-09-27 13:28:21 +02:00
yrutschle
c8fce0a02f make sure no error will go to stderr if in inetd (fix #303) 2021-09-27 13:21:16 +02:00
yrutschle
098a55fd1d new logging system: now with message classes 2021-09-19 15:14:38 +02:00
yrutschle
5e27806545 new logging system: now with message classes 2021-09-19 15:13:04 +02:00
yrutschle
4a6bbda60d remove obsolete usage string and added lost version option 2021-08-24 14:10:14 +02:00
yrutschle
4b885b4a2c remove obsolete variables 2021-07-31 23:34:43 +02:00
yrutschle
ce23f202b7 use pcre2 api directly 2021-07-31 23:12:55 +02:00
yrutschle
37d2756703 move to PCRE for conf file 2021-07-23 22:36:20 +02:00
yrutschle
adb27aa4a3 add a per-protocol transparent proxy option 2021-02-21 21:03:01 +01:00
yrutschle
c12f7a1ade abstract listening sockets so we have protocol information alongside the socket 2020-11-07 22:31:49 +01:00
yrutschle
8a1dae8c22 refactor: move local address resolution into start_listen_socket 2020-11-07 18:55:04 +01:00
yrutschle
e67d6ff905 removed obsolete support for . Use instead 2020-07-30 09:45:50 +02:00
yrutschle
2c93a015ea make libconfig optional again 2020-07-24 16:51:06 +02:00
yrutschle
8638199f13 test for command line parameters 2020-07-19 18:32:57 +02:00
yrutschle
46d9796bd6 fail as soon as a listen address cannot be resolved 2020-07-10 23:12:03 +02:00
yrutschle
219163ac27 don't keep going if config parse failed 2020-07-10 22:49:41 +02:00
Jonas Mueller
87aaa156e0 Add explicit casts to remove warnings
for incompatible-pointer-types-discards-qualifiers
2019-11-05 20:28:58 +01:00
Jonas Mueller
ef8233a839 Fix warnings for format-string-security 2019-11-05 20:11:44 +01:00
yrutschle
891bcf9966 fix error message upon regex syntax error 2019-09-06 21:05:46 +02:00
Niobos
0380a4309f Change process name to indicate task of process 2019-09-05 16:40:59 +02:00
yrutschle
7baf7f724c Move config dump to stderr and verbose > 4 2019-02-08 22:45:16 +01:00
yrutschle
530acc7c72 Moved command line parsing to conf2struct 2019-01-12 21:33:44 +01:00
yrutschle
ad0adfb0e1 re-integrate command line support 2018-12-07 08:32:36 +01:00
yrutschle
33ab9d535d code cleanup and adaptation of regex probe 2018-12-04 23:11:04 +01:00
yrutschle
d3d4fd657a moved config parse to c2s code 2018-12-03 11:02:20 +01:00
yrutschle
e7ce929020 config file now read to struct with c2s; command line no longer works 2018-11-29 11:56:33 +01:00
yrutschle
aa77922ffd turn ssl setting from command line to tls (ssl no longer exists) 2018-09-30 21:34:22 +02:00
yrutschle
2ee0088c5f turn ssl setting from configuration file to tls (ssl no longer exists) 2018-09-30 20:20:06 +02:00
yrutschle
0003680137 remove old tls and ssl targets, only use alpn/sni probe also for TLS with no extensions 2018-09-23 12:07:06 +02:00
yrutschle
108a9780d8
Merge pull request #187 from msantos/segfault
Fix potential segfaults (unverified malloc() returns) and other robustness issues
2018-06-18 16:45:51 +02:00
Michael Santos
9228171eb0 config: exit if list element is invalid 2018-06-18 10:35:28 -04:00
Michael Santos
8ce2b2ea05 Check memory allocations succeed 2018-06-18 10:35:28 -04:00
Michael Santos
4c132e3c8d config: segfault parsing invalid sni/alpn
Check return value of config_setting_get_string_elem() for error
before passing the result to strlen():

~~~ segfault.conf
protocols:
(
 { name: "tls"; host: "localhost"; port: "8443";  sni_hostnames:  [ 0 ];
}
);
~~~
2018-06-18 10:35:28 -04:00
Roman
0ada00474b
Fixed a typo
Just a typo in usage text.
2018-06-14 14:31:50 +02:00
Mike Frysinger
0fb4c6b2ad add chroot support
This allows people to chroot sslh into a path to further harden it.

We have to rework the user logic a bit because we need to look up
the user details *before* we chroot (as we need to read /etc/passwd
files), but do the actual priv dropping *after* we chroot (so we
have permission to make the actual chroot call).

Similarly, we need to open the syslog before we drop privs because
/dev/log won't be available inside the chroot.
2018-01-03 10:19:59 -05:00
yrutschle
d26eab728c
Merge pull request #143 from astiob/select-fork
sslh-select: support forking for particular protocols
2018-01-02 22:26:58 +01:00