Yves Rutschle
bb4aeb446a
Use default configuration filename
2014-12-27 11:57:27 +01:00
Yves Rutschle
74de4f4fd2
Transparent proxy support for FreeBSD (attribution)
2014-12-25 20:15:52 +01:00
Yves Rutschle
56fdc6b4af
Transparant proxy support for FreeBSD
2014-12-25 20:08:24 +01:00
yrutschle
b6f4c04c36
Merge pull request #25 from guikcd/remove_cant_bind_address_test
...
Disable Can't bind to address test since IP_FREEBIND allow us to do that
2014-12-25 19:57:47 +01:00
Yves Rutschle
b9ddfb4c7a
Support RFC5952-style IPv6 addresses
2014-12-22 18:19:02 +01:00
Ruben van Staveren
ece6e28e45
#ifdef IP_BINDANY/IPV6_BINDANY cases
2014-07-24 17:29:53 +02:00
Ruben van Staveren
0d8e2438de
Correct markdown
2014-07-22 21:43:03 +02:00
Ruben van Staveren
36cf99697b
Add instruction for FreeBSD
2014-07-22 20:30:52 +02:00
Ruben van Staveren
ddc1efed89
Merge branch 'freebsd_transparent' of https://github.com/rvstaveren/sslh into freebsd_transparent
2014-07-22 20:06:32 +02:00
Ruben van Staveren
e2fc091482
When transparent, make sure both connections use the same address family
2014-07-22 20:05:25 +02:00
Ruben van Staveren
42425a8373
Have USELIBWRAP redefineable
2014-07-22 20:05:25 +02:00
Ruben van Staveren
e246536be2
FreeBSD way of doing transparent proxy: work in progress
2014-07-22 20:05:25 +02:00
Ruben van Staveren
7d23a55236
When transparent, make sure both connections use the same address family
2014-07-22 19:36:40 +02:00
Ruben van Staveren
dedb3672d7
Have USELIBWRAP redefineable
2014-07-22 19:36:29 +02:00
Guillaume Delacour
21a6d3c3ae
Disable Can't bind to address test since IP_FREEBIND allow us to do that
2014-07-15 16:22:37 +02:00
Yves Rutschle
9a0a9b9492
Clarified that sslh uses LOG_AUTH facility for logging in manual page
2014-07-15 11:26:16 +02:00
Ruben van Staveren
b6de2904f0
FreeBSD way of doing transparent proxy: work in progress
2014-06-20 14:11:25 +02:00
Yves Rutschle
d10b539a5a
fixed obsolete README reference to -o option
2014-04-19 13:10:12 +02:00
Yves Rutschle
48d4d81e0c
minor corrections to usage string
2014-04-19 10:41:17 +02:00
Yves Rutschle
36e05640c0
added -F description to man page
2014-04-19 10:40:53 +02:00
Ondřej Kuzník
7876bddff3
Fix regex probes always matching ( #19 )
2014-04-09 19:18:52 +01:00
Yves Rutschle
6fb234f85e
added fail2ban configuration examples
2014-03-30 18:51:21 +02:00
Yves Rutschle
7d6cac73d4
added transparent option to man page and help
2014-03-30 18:25:03 +02:00
Yves Rutschle
621f0718dd
added license file
2014-03-30 18:09:16 +02:00
Yves Rutschle
426797f9c0
call setgroups before setgid
2014-03-30 17:28:00 +02:00
Yves Rutschle
53550ff21e
fix errors in previous commit...
2014-02-24 17:52:58 +01:00
Yves Rutschle
9beacc63f9
use directory version when compiling from a tarball without git
2014-02-23 10:41:47 +01:00
Jason Cooper
62cbb55b8e
genver.sh: use /bin/sh for portability
...
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2014-02-17 19:08:02 +01:00
yrutschle
27567c4804
Merge pull request #14 from belobrov-andrey/fd_leak_fix
...
Fixed possible file descriptor leak.
2014-02-16 13:11:19 +01:00
Belobrov Andrey
ff070a6b46
Fixed possible file descriptor leak.
2014-02-14 08:32:38 +04:00
Yves Rutschle
9d2deff6ad
Changelog prepared for v1.16
2014-02-11 22:06:01 +01:00
Yves Rutschle
6bcb5c83f2
libcap support: print out process capabilities at startup if verbose
2014-02-09 21:39:27 +01:00
Yves Rutschle
2d3b6c4abd
fix Markdown documentation for libcap
2014-02-09 20:50:03 +01:00
Yves Rutschle
4dfa694e8a
Merged libcap patch
2014-02-09 20:34:26 +01:00
yrutschle
e6318ddde0
Merge pull request #12 from vapier/master
...
sslh-fork: close all listening sockets in shoveler
2014-02-09 13:59:10 +01:00
Yves Rutschle
67c34a7460
set IP_FREEBIND if available to bind to non-existent interfaces
2014-02-09 13:29:49 +01:00
Mike Frysinger
71ce82815c
sslh-fork: close all listening sockets in shoveler
...
When we're watching multiple sockets, we don't want to just close
the active one we got a connection on before launching the shoveler.
If we want to restart the daemon, we run into problems because the
socket is still in use. Instead, close all the sockets we were
listening on.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2014-01-09 10:16:42 -05:00
Yves Rutschle
5998c9ec1a
Do not require --listen when --inetd is specified
2014-01-06 22:21:44 +01:00
Yves Rutschle
45996cc1ee
minor typesetting fix to manual page
2014-01-06 22:07:33 +01:00
Yves Rutschle
56944e4d38
Generate version tag based on file modification date if git is not present
2013-11-23 16:46:54 +01:00
yrutschle
9c3a838cc5
Merge pull request #8 from nbraud/readme
...
Markdownify the README
2013-11-05 23:10:24 -08:00
Nicolas Braud-Santoni
b24f9820f9
Markdownify the README
2013-11-05 22:34:48 +01:00
Sebastian Schmidt
009faa64b7
Implement libcap support
...
Use libcap for saving CAP_NET_ADMIN (if --transparent is given) over a
setuid(). We don’t need CAP_NET_BIND_SERVICE as the listening sockets
are established before dropping root.
2013-10-20 21:16:56 +02:00
Yves Rutschle
3f386b6541
initiated TODO list
2013-10-06 12:09:52 +02:00
Yves Rutschle
fb0760dd72
Probes made resilient to packets that are too short, or
...
contain NULLs.
2013-09-28 21:39:00 +02:00
Yves Rutschle
f2ca4c13a6
ChangeLog entry for the branch
2013-09-28 21:38:33 +02:00
Yves Rutschle
96f5d6387e
new test for PROBE_AGAIN; changed deferred_data to begin_deferred_data where appropriate
2013-09-28 21:33:25 +02:00
Ondrej Kuznk
025545aee3
Fix typos and type warnings
2013-09-28 20:49:46 +02:00
Ondřej Kuzník
d14dcdee5c
Fix build issues when version.h doesn't exist yet
2013-09-28 20:44:08 +02:00
Ondřej Kuzník
66c7d674a0
is a bashism
2013-09-28 20:42:05 +02:00