Browse Source

Added log_level option to configuration file, which switches off log at each connection

master
Yves Rutschle 7 years ago
parent
commit
2cb424c646
  1. 3
      ChangeLog
  2. 2
      basic.cfg
  3. 3
      common.c
  4. 4
      example.cfg
  5. 20
      probe.c
  6. 3
      probe.h
  7. 7
      sslh-main.c

3
ChangeLog

@ -9,6 +9,9 @@ vNEXT: @@ -9,6 +9,9 @@ vNEXT:
no longer required, 'name' field can now contain
'sni' or 'regex', with corresponding options (see
example.org)
Added 'log_level' option to each protocol, which
allows to turn off generation of log at each
connection.
v1.17: 09MAR2015
Support RFC5952-style IPv6 addresses, e.g. [::]:443.

2
basic.cfg

@ -23,7 +23,7 @@ protocols: @@ -23,7 +23,7 @@ protocols:
{ name: "openvpn"; host: "localhost"; port: "1194"; },
{ name: "xmpp"; host: "localhost"; port: "5222"; },
{ name: "http"; host: "localhost"; port: "80"; },
{ name: "ssl"; host: "localhost"; port: "443"; },
{ name: "ssl"; host: "localhost"; port: "443"; log_level: 0; },
{ name: "anyprot"; host: "localhost"; port: "443"; }
);

3
common.c

@ -431,6 +431,9 @@ void log_connection(struct connection *cnx) @@ -431,6 +431,9 @@ void log_connection(struct connection *cnx)
local[MAX_NAMELENGTH], target[MAX_NAMELENGTH];
int res;
if (cnx->proto->log_level < 1)
return;
addr.ai_addr = (struct sockaddr*)&ss;
addr.ai_addrlen = sizeof(ss);

4
example.cfg

@ -46,8 +46,8 @@ protocols: @@ -46,8 +46,8 @@ protocols:
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; },
{ name: "http"; host: "localhost"; port: "80"; },
{ name: "sni"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; },
{ name: "sni"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; },
{ name: "sni"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0; },
{ name: "sni"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; log_level: 0;},
# OpenVPN
{ name: "regex"; host: "localhost"; port: "1194"; regex_patterns: [ "^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },

20
probe.c

@ -41,16 +41,16 @@ static int is_true(const char *p, int len, struct proto* proto) { return 1; } @@ -41,16 +41,16 @@ static int is_true(const char *p, int len, struct proto* proto) { return 1; }
/* Table of protocols that have a built-in probe
*/
static struct proto builtins[] = {
/* description service saddr probe */
{ "ssh", "sshd", NULL, is_ssh_protocol},
{ "openvpn", NULL, NULL, is_openvpn_protocol },
{ "tinc", NULL, NULL, is_tinc_protocol },
{ "xmpp", NULL, NULL, is_xmpp_protocol },
{ "http", NULL, NULL, is_http_protocol },
{ "ssl", NULL, NULL, is_tls_protocol },
{ "tls", NULL, NULL, is_tls_protocol },
{ "adb", NULL, NULL, is_adb_protocol },
{ "anyprot", NULL, NULL, is_true }
/* description service saddr log_level probe */
{ "ssh", "sshd", NULL, 1, is_ssh_protocol},
{ "openvpn", NULL, NULL, 1, is_openvpn_protocol },
{ "tinc", NULL, NULL, 1, is_tinc_protocol },
{ "xmpp", NULL, NULL, 1, is_xmpp_protocol },
{ "http", NULL, NULL, 1, is_http_protocol },
{ "ssl", NULL, NULL, 1, is_tls_protocol },
{ "tls", NULL, NULL, 1, is_tls_protocol },
{ "adb", NULL, NULL, 1, is_adb_protocol },
{ "anyprot", NULL, NULL, 1, is_true }
};
static struct proto *protocols;

3
probe.h

@ -20,6 +20,9 @@ struct proto { @@ -20,6 +20,9 @@ struct proto {
const char* description; /* a string that says what it is (for logging and command-line parsing) */
const char* service; /* service name to do libwrap checks */
struct addrinfo *saddr; /* list of addresses to try and switch that protocol */
int log_level; /* 0: No logging of connection
* 1: Log incoming connection
*/
/* function to probe that protocol; parameters are buffer and length
* containing the data to probe, and a pointer to the protocol structure */

7
sslh-main.c

@ -119,10 +119,11 @@ static void printsettings(void) @@ -119,10 +119,11 @@ static void printsettings(void)
for (p = get_first_protocol(); p; p = p->next) {
fprintf(stderr,
"%s addr: %s. libwrap service: %s family %d %d\n",
"%s addr: %s. libwrap service: %s log_level: %d family %d %d\n",
p->description,
sprintaddr(buf, sizeof(buf), p->saddr),
p->service,
p->log_level,
p->saddr->ai_family,
p->saddr->ai_addr->sa_family);
}
@ -271,6 +272,10 @@ static int config_protocols(config_t *config, struct proto **prots) @@ -271,6 +272,10 @@ static int config_protocols(config_t *config, struct proto **prots)
p->description = name;
config_setting_lookup_string(prot, "service", &(p->service));
if (config_setting_lookup_int(prot, "log_level", &p->log_level) == CONFIG_FALSE) {
p->log_level = 1;
}
resolve_split_name(&(p->saddr), hostname, port);
p->probe = get_probe(name);

Loading…
Cancel
Save