
sslh: Add support for external config file

This allows users to use an external config file if required (for
example matching packets based on SNI hostname or REGEX patterns).

Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Signed-off-by: Mircea Horea IONICĂ <mionica@gmail.com>
lilik-openwrt-22.03
Mircea Horea IONICĂ 8 years ago
committed by Jonathan McCrohan
parent
commit
727cb7e6e7
4 changed files with 49 additions and 8 deletions
  1. +7
    -3
      net/sslh/Makefile
  2. +2
    -0
      net/sslh/files/sslh.config
  3. +8
    -5
      net/sslh/files/sslh.init
  4. +32
    -0
      net/sslh/patches/002-configfile-fix.patch

+ 7
- 3
net/sslh/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=sslh
PKG_VERSION:=v1.18
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://rutschle.net/tech/sslh/
@ -24,12 +24,14 @@ define Package/sslh
CATEGORY:=Network
SUBMENU:=Routing and Redirection
TITLE:=SSL/SSH multiplexer
DEPENDS:=+libconfig +USE_UCLIBC:libpcre +USE_MUSL:libpcre
URL:=http://rutschle.net/tech/sslh.shtml
PKG_MAINTAINER:=Jonathan McCrohan <jmccrohan@gmail.com>
endef
define Package/sslh/conffiles
/etc/config/sslh
/etc/sslh.conf
endef
define Build/Compile
@ -37,10 +39,11 @@ define Build/Compile
CC="$(TARGET_CC)" \
CFLAGS="$(TARGET_CFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" \
ENABLE_REGEX= \
USELIBCONFIG= \
ENABLE_REGEX=1 \
USELIBCONFIG=1 \
USELIBWRAP= \
USELIBPCRE= \
$(if $(CONFIG_USE_GLIBC),USELIBPCRE=,USELIBPCRE=1)\
all
endef
@ -51,6 +54,7 @@ define Package/sslh/install
$(INSTALL_BIN) files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) files/$(PKG_NAME).config $(1)/etc/config/$(PKG_NAME)
$(INSTALL_CONF) $(PKG_BUILD_DIR)/basic.cfg $(1)/etc/sslh.conf
endef
$(eval $(call BuildPackage,sslh))
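Review bot: In the `Build/Compile` arguments a bare `USELIBPCRE= \` appears to remain directly above `$(if $(CONFIG_USE_GLIBC),USELIBPCRE=,USELIBPCRE=1)\`, so the same variable is passed twice on one make command line and the outcome relies on the later assignment winning. The build switch is keyed on `CONFIG_USE_GLIBC` while `DEPENDS` is keyed on `USE_UCLIBC`/`USE_MUSL`, so the two conditions that decide whether libpcre is linked can drift apart. I would drop the bare `USELIBPCRE= \` line and put a comment above `define Build/Compile`, such as `# libpcre is linked on non-glibc targets only; keep in sync with DEPENDS`. This matters more now that `ENABLE_REGEX=1` has patterns from the config file matched against the first bytes of unauthenticated connections. The rendering has lost the +/- markers, so which of these lines the commit itself touched is inferred from the addition/deletion counts.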

+ 2
- 0
net/sslh/files/sslh.config View File

@ -28,3 +28,5 @@ config 'sslh' 'default'
# verbose defaults to off
# -v
option 'verbose' '0'
# use external config file
# option configfile '/etc/sslh.conf'

+ 8
- 5
net/sslh/files/sslh.init View File

@ -26,12 +26,12 @@ start_instance() {
config_get val "${section}" ssl
[ -n "${val}" ] && append args "--ssl ${val}"
# D) openvpn parameter
config_get val "${section}" openvpn
[ -n "${val}" ] && append args "--openvpn ${val}"
config_get val "${section}" openvpn
[ -n "${val}" ] && append args "--openvpn ${val}"
# E) tinc parameter
config_get val "${section}" tinc
[ -n "${val}" ] && append args "--tinc ${val}"
# F) xmpp parameter
config_get val "${section}" tinc
[ -n "${val}" ] && append args "--tinc ${val}"
# F) xmpp parameter
config_get val "${section}" xmpp
[ -n "${val}" ] && append args "--xmpp ${val}"
# G) timeout (before a connection is considered to be SSH)
@ -41,6 +41,9 @@ start_instance() {
local verbosed
config_get_bool verbosed "${section}" verbose 0
[ "${verbosed}" -ne 0 ] && append args "-v"
# I) sslh config file (cmd line args override file settings)
config_get val "${section}" configfile
[ -n "${val}" ] && append args "-F${val}"
# Defaults were removed for --user and --pidfile options
# in sslh 1.11; Define them here instead.
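Review bot: The `configfile` value is appended as `-F${val}` with no check, so a missing or unreadable file is only found when the daemon fails to start. If `args` is later expanded unquoted, a path containing whitespace is also split into separate sslh arguments. This file decides where connections arriving on the listen port are forwarded, so I would test it before the `append` and stop with a clear message, e.g. `[ -n "${val}" ] && [ ! -r "${val}" ] && { echo "sslh: cannot read ${val}" >&2; return 1; }`. The comment `cmd line args override file settings` should name the options this script always passes (the following lines mention `--user` and `--pidfile`), because the same settings in the file are then silently ignored. `start_instance` begins and ends outside this hunk, so whether `return 1` fits its error handling needs confirming.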


+ 32
- 0
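--- a/net/sslh/patches/002-configfile-fix.patch
+++ b/net/sslh/patches/002-configfile-fix.patch
@@ -0,0 +1,32 @@
+diff --git a/basic.cfg b/basic.cfg
+index 54a799c..d938767 100644
+--- a/basic.cfg
++++ b/basic.cfg
+@@ -1,3 +1,7 @@
++# **** Attention OpenWRT/LEDE Users ****
++# sslh command line arguments override arguments defined in this
++# configuration file (UCI uses command line arguments)
++
+# This is a basic configuration file that should provide
+# sensible values for "standard" setup.
+@@ -14,15 +18,16 @@ pidfile: "/var/run/sslh.pid";
+# Change hostname with your external address name.
+listen:
+(
+- { host: "thelonious"; port: "443"; }
++ { host: "0.0.0.0"; port: "443"; },
++ { host: "[::]"; port: "443"; }
+);
+protocols:
+(
+{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; },
+{ name: "openvpn"; host: "localhost"; port: "1194"; },
+- { name: "xmpp"; host: "localhost"; port: "5222"; },
+- { name: "http"; host: "localhost"; port: "80"; },
++# { name: "xmpp"; host: "localhost"; port: "5222"; },
++# { name: "http"; host: "localhost"; port: "80"; },
+{ name: "ssl"; host: "localhost"; port: "443"; log_level: 0; },
+{ name: "anyprot"; host: "localhost"; port: "443"; }
+);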
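Review bot: The comment `# Change hostname with your external address name.` is kept above a `listen:` block that now binds `0.0.0.0` and `[::]`, so it no longer describes the file. It also hides that this shipped default accepts connections on every interface the firewall leaves open. With the `ssh` entry and the `anyprot` catch-all, whatever can reach port 443 is forwarded to local services. Unless sslh runs in transparent mode, those services presumably see the peer as localhost, which weakens address-based rules and logs on the backend; worth confirming for this build. I would replace the stale line with `# Listens on all IPv4 and IPv6 addresses; set a specific address to limit exposure.` and add a comment beside `protocols:` that backends see sslh rather than the client as the source.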
