Yves Rutschle
dfd9e14866
fix socks5 probe
2018-06-13 09:52:49 +02:00
yrutschle
552723cc5f
Merge pull request #180 from sanmai/patch-1
Update README.md
2018-06-01 10:31:34 +02:00
Alexey Kopytko
09aaf39e25
Update README.md
Removed redundant dollar signs since they're not used anywhere else in the README.
2018-06-01 15:13:50 +09:00
Yves Rutschle
7acf9627ee
fix memory leak when using transparent proxying
2018-05-29 12:38:57 +02:00
Yves Rutschle
b8e63a4d9d
fixed systemd config to correct path
2018-05-26 17:02:15 +00:00
yrutschle
f451cc8bed
Merge pull request #172 from WeirdCarrotMonster/master
Added support for socks5 protocol
2018-04-16 22:38:06 +02:00
Eugene Protozanov
a43dd11fc9
Added support for socks5 protocol
2018-04-16 15:27:31 +04:00
yrutschle
3a61c8b0b1
Merge pull request #167 from HighwindsHipsApp/master
Fixed parent/child usage after initial fork in sslh-fork.c
v1.19c
2018-02-11 18:42:21 +01:00
Josh Tway
0c928fedbb
Fixed issue in sslh-fork.c where the parent was being used instead of the child after forking. This was breaking multiple unit tests (on CentOS 7 at least)
2018-02-08 17:22:22 -05:00
Yves Rutschle
1a6ba5edc0
fix IPv6 parse error introduced in 7bf3e12c30d0585743792982ed8bcfc44aecae34
v1.19b
2018-01-27 22:59:52 +01:00
Yves Rutschlé
83be63d282
v1.19
v1.19
2018-01-20 18:40:15 +00:00
Yves Rutschlé
3ab2acdafa
fix fork failure handling
2018-01-11 14:45:32 +00:00
Yves Rutschlé
c8c6688d16
add file and line number upon error messages
2018-01-10 22:10:19 +00:00
Yves Rutschlé
9a85efded5
log error message in case fork fails
2018-01-08 18:54:01 +00:00
Yves Rutschlé
7bf3e12c30
Don't clobber data in libconfig space, copy it before
changing it. So far it worked, but really that's not
respecting the contract.
2018-01-07 16:43:50 +00:00
Yves Rutschlé
bc72c4ac42
clarify regex examples are just examples
2018-01-07 15:42:52 +00:00
Yves Rutschlé
fc9cb27746
fix ALPN configuration logic
2018-01-06 22:43:16 +00:00
Yves Rutschlé
2c3518beb4
configuration examples for fork option
2018-01-06 22:42:39 +00:00
yrutschle
141e4b4f83
Merge pull request #105 from vapier/master
add chroot support
2018-01-03 20:34:05 +01:00
Mike Frysinger
0fb4c6b2ad
add chroot support
This allows people to chroot sslh into a path to further harden it.
We have to rework the user logic a bit because we need to look up
the user details *before* we chroot (as we need to read /etc/passwd
files), but do the actual priv dropping *after* we chroot (so we
have permission to make the actual chroot call).
Similarly, we need to open the syslog before we drop privs because
/dev/log won't be available inside the chroot.
2018-01-03 10:19:59 -05:00
yrutschle
d9541392f8
Merge pull request #139 from tmolitor-stud-tu/master
Better documentation of transparent proxy support with more features
2018-01-02 23:24:46 +01:00
yrutschle
24cd3d0974
Merge pull request #161 from pali/master
Ensure that IPv6 socket would listen only for IPv6 connections
2018-01-02 23:19:00 +01:00
yrutschle
d26eab728c
Merge pull request #143 from astiob/select-fork
sslh-select: support forking for particular protocols
2018-01-02 22:26:58 +01:00
yrutschle
53e00c27ff
Merge pull request #159 from rdebath/patch-5
Translate systemd C99 and C++ code to old C
2018-01-02 22:23:19 +01:00
yrutschle
063169c167
Merge pull request #162 from vapier/adb
adb: update protocol sniffer
2018-01-02 22:21:19 +01:00
Prameet Shah
79ca4df0d7
adb: update protocol sniffer
Modified is_adb_protocol in patch.c to check if initial host->device
packet sends an empty message for reasons unknown. This was introduced
in ADB master in https://android-review.googlesource.com/c/342653 .
2018-01-02 06:25:27 -05:00
Pali Rohár
3db5e127fd
Ensure that IPv6 socket would listen only for IPv6 connections
When transparent mode is enabled and sslh is listening on the :: IPv6 address, then
the source origin address is propagated to the target application regardless of whether
the connection is IPv4 or IPv6.
On Linux, by default, an IPv6 socket can also accept IPv4 connections. More
applications, including OpenSSH server, do not accept IPv4 connections on
an IPv6 socket and therefore such a transparent configuration does not work.
On BSD systems it is turned off by default for security reasons.
This patch disables IPv4 connections on IPv6 listening sockets. If somebody
needs to have sslh listening on both IPv4 and IPv6 addresses, it is still
possible by specifying multiple --listen arguments.
I think it is more misleading if the option --listen :::443 causes listening on
both IPv4 and IPv6 addresses even if an IPv4 address was not specified. This can
also cause security-related problems for people who do not know about this
fact, as the documentation does not mention this behavior.
2017-12-28 21:31:15 +01:00
Robert de Bath
981091e39d
Translate systemd C99 and C++ code to old C
2017-12-17 16:37:00 +00:00
Yves Rutschle
0fc6bc8d12
Revert "Adjust linking so that wrapper libraries are static."
This reverts commit 021eb836e4984b718480bfc6c9ce20ae4a1194bf.
That commit introduces a regression, see
https://github.com/yrutschle/sslh/issues/157#issuecomment-352260802
for discussion.
2017-12-17 16:59:57 +01:00
Yves Rutschle
b36fc73b7a
log timeouts
2017-12-17 14:57:45 +01:00
Yves Rutschle
a7f0c456ab
die if target cannot be resolved (otherwise, we segfault when printing the settings or later)
2017-12-17 14:55:51 +01:00
yrutschle
7808a3a766
Merge pull request #142 from astiob/select-bugs
Fix several bugs in sslh-select
2017-12-16 19:51:23 +01:00
yrutschle
f5b1b881a4
Merge pull request #145 from ariera/master
Doc update about Transparent proxy support
2017-12-16 19:11:34 +01:00
yrutschle
f8a16c7a29
Merge pull request #146 from guusdk/SSLv2-clienthello
Allow SSLv2 CLIENT-HELLO (without SSL 2.0)
2017-12-16 19:09:25 +01:00
yrutschle
b33c65ed53
Merge pull request #96 from candrews/patch-1
Harden the systemd service
2017-12-16 19:04:52 +01:00
yrutschle
2f8e635b67
Merge pull request #97 from candrews/patch-2
make sure the files using version.h depend on it being generated first
2017-12-16 19:01:28 +01:00
yrutschle
b8851d6714
Merge pull request #98 from candrews/patch-3
Build systemd-sslh-generator if USESYSTEMD is set
2017-12-16 18:59:36 +01:00
Craig Andrews
e33124718e
Harden the systemd service
2017-12-12 16:40:53 -05:00
yrutschle
85b94c3259
Merge pull request #153 from rdebath/master
Move hexdump to verbose level 2
2017-11-28 21:05:50 +01:00
Robert de Bath
4e790e074f
Move hexdump to verbose level 2
From the command line you use two "-v" options or in the configuration
file you replace the boolean "verbose:true" with an integer "verbose:2".
2017-11-27 21:05:07 +00:00
Yves Rutschle
6ca1ee7bfd
remove leftover debug messages
2017-11-26 20:10:05 +01:00
yrutschle
e66e443d5e
Merge pull request #151 from rdebath/patch-3
Hexdump for verbose mode.
2017-11-24 13:55:53 +01:00
yrutschle
faa928b75a
Merge pull request #150 from rdebath/patch-2
Get libpcre working (and by default)
2017-11-24 13:53:52 +01:00
yrutschle
2ad99fd36f
Merge pull request #149 from rdebath/patch-1
Fixup compile using -std=c90
2017-11-24 13:52:22 +01:00
Robert de Bath
64485d7a58
Send hexdump to stderr like other verbose logs.
2017-11-23 20:52:54 +00:00
orbitarm
5b756ebd0a
verbose: dump hex value of packet
uses the hexdump() function to display the hex value of each probed
packet, making it easy to create regex rules for unsupported connections
2017-11-23 20:52:54 +00:00
Robert de Bath
021eb836e4
Adjust linking so that wrapper libraries are static.
2017-11-23 20:51:57 +00:00
Robert de Bath
cb90cc97ae
Default to using libpcre and actually use it
as libpcre has better binary support.
Note, just linking libpcre only has no effect, the posix functions are
provided by libpcreposix.
Use "make USELIBPCRE=" to turn libpcre off and link POSIX library.
2017-11-23 20:51:57 +00:00
Robert de Bath
338daafe87
Use REG_EXTENDED for regex matching
The "7 regex" manual page called 'Basic' regular expressions "Obsolete".
It also matches the pcre expressions slightly better.
2017-11-23 20:51:57 +00:00
Robert de Bath
9fcbe8c7ea
Fixup compile using -std=c90
2017-11-23 20:50:49 +00:00