Added log_level option to configuration file, which switches off log at each connection

2015-12-15 15:51:18 +01:00 · 2015-12-15 15:51:18 +01:00 · 2cb424c646
parent 24612835c3
commit 2cb424c646
7 changed files with 28 additions and 14 deletions
--- a/3
+++ b/3
@ -9,6 +9,9 @@ vNEXT:
 	no longer required, 'name' field can now contain
 	'sni' or 'regex', with corresponding options (see
 	example.org)
+	Added 'log_level' option to each protocol, which
+	allows to turn off generation of log at each
+	connection.

 v1.17: 	09MAR2015
 	Support RFC5952-style IPv6 addresses, e.g. [::]:443.
--- a/basic.cfg
+++ b/basic.cfg
@ -23,7 +23,7 @@ protocols:
     { name: "openvpn"; host: "localhost"; port: "1194"; },
     { name: "xmpp"; host: "localhost"; port: "5222"; },
     { name: "http"; host: "localhost"; port: "80"; },
-     { name: "ssl"; host: "localhost"; port: "443"; },
+     { name: "ssl"; host: "localhost"; port: "443"; log_level: 0; },
     { name: "anyprot"; host: "localhost"; port: "443"; }
 );

--- a/common.c
+++ b/common.c
@ -431,6 +431,9 @@ void log_connection(struct connection *cnx)
        local[MAX_NAMELENGTH], target[MAX_NAMELENGTH];
    int res;

+    if (cnx->proto->log_level < 1)
+        return;
+
    addr.ai_addr = (struct sockaddr*)&ss;
    addr.ai_addrlen = sizeof(ss);

--- a/example.cfg
+++ b/example.cfg
@ -46,8 +46,8 @@ protocols:
     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; },
     { name: "http"; host: "localhost"; port: "80"; },

-     { name: "sni"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; },
-     { name: "sni"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; },
+     { name: "sni"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0; },
+     { name: "sni"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ];  log_level: 0;},

 # OpenVPN
     { name: "regex"; host: "localhost"; port: "1194"; regex_patterns: [ "^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },
--- a/probe.c
+++ b/probe.c
@ -41,16 +41,16 @@ static int is_true(const char *p, int len, struct proto* proto) { return 1; }
 /* Table of protocols that have a built-in probe
 */
 static struct proto builtins[] = {
-    /* description   service  saddr   probe  */
-    { "ssh",         "sshd",   NULL,   is_ssh_protocol},
-    { "openvpn",     NULL,     NULL,   is_openvpn_protocol },
-    { "tinc",        NULL,     NULL,   is_tinc_protocol },
-    { "xmpp",        NULL,     NULL,   is_xmpp_protocol },
-    { "http",        NULL,     NULL,   is_http_protocol },
-    { "ssl",         NULL,     NULL,   is_tls_protocol },
-    { "tls",         NULL,     NULL,   is_tls_protocol },
-    { "adb",         NULL,     NULL,   is_adb_protocol },
-    { "anyprot",     NULL,     NULL,   is_true }
+    /* description   service  saddr  log_level   probe  */
+    { "ssh",         "sshd",   NULL,  1,         is_ssh_protocol},
+    { "openvpn",     NULL,     NULL,  1,         is_openvpn_protocol },
+    { "tinc",        NULL,     NULL,  1,         is_tinc_protocol },
+    { "xmpp",        NULL,     NULL,  1,         is_xmpp_protocol },
+    { "http",        NULL,     NULL,  1,         is_http_protocol },
+    { "ssl",         NULL,     NULL,  1,         is_tls_protocol },
+    { "tls",         NULL,     NULL,  1,         is_tls_protocol },
+    { "adb",         NULL,     NULL,  1,         is_adb_protocol },
+    { "anyprot",     NULL,     NULL,  1,         is_true }
 };

 static struct proto *protocols;
--- a/probe.h
+++ b/probe.h
@ -20,6 +20,9 @@ struct proto {
    const char* description;  /* a string that says what it is (for logging and command-line parsing) */
    const char* service;      /* service name to do libwrap checks */
    struct addrinfo *saddr; /* list of addresses to try and switch that protocol */
+    int log_level;  /* 0: No logging of connection
+                     * 1: Log incoming connection
+                     */

    /* function to probe that protocol; parameters are buffer and length
     * containing the data to probe, and a pointer to the protocol structure */
--- a/sslh-main.c
+++ b/sslh-main.c
@ -119,10 +119,11 @@ static void printsettings(void)
    
    for (p = get_first_protocol(); p; p = p->next) {
        fprintf(stderr,
-                "%s addr: %s. libwrap service: %s family %d %d\n", 
+                "%s addr: %s. libwrap service: %s log_level: %d family %d %d\n", 
                p->description, 
                sprintaddr(buf, sizeof(buf), p->saddr), 
                p->service,
+                p->log_level,
                p->saddr->ai_family,
                p->saddr->ai_addr->sa_family);
    }
@ -271,6 +272,10 @@ static int config_protocols(config_t *config, struct proto **prots)
                p->description = name;
                config_setting_lookup_string(prot, "service", &(p->service));

+                if (config_setting_lookup_int(prot, "log_level", &p->log_level) == CONFIG_FALSE) {
+                    p->log_level = 1;
+                }
+
                resolve_split_name(&(p->saddr), hostname, port);

                p->probe = get_probe(name);