Included a diff for updating sslh to 1.12. From changelog:

- Added support for configuration file.
- New protocol probes can be defined using regular expressions that
match the first packet sent by the client.
- sslh now connects timed-out connections to the first configured
protocol instead of 'ssh' (just make sure ssh is the first defined
protocol).
- sslh now tries protocols in the order in which they are defined
(just make sure ssl is the last defined protocol).

OK?

--
Björn Ketelaars


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/sslh/Makefile,v
retrieving revision 1.3
diff -p -u -r1.3 Makefile
--- Makefile    22 Apr 2012 20:50:12 -0000      1.3
+++ Makefile    12 May 2012 14:22:41 -0000
@@ -2,7 +2,7 @@
 
 COMMENT =      ssl/ssh multiplexer
 
-VERSION =      1.11
+VERSION =      1.12
 DISTNAME =     sslh-${VERSION}
 CATEGORIES =   security net
 REVISION =     0
@@ -18,14 +18,21 @@ PERMIT_DISTFILES_FTP =              Yes
 MASTER_SITES = http://www.rutschle.net/tech/ \
                http://mirror2.openwrt.org/sources/
 
-WANTLIB =      c wrap
+WANTLIB =      c config wrap
+
+LIB_DEPENDS =  devel/libconfig
+
+MAKE_FLAGS =   CC="${CC}" \
+               CFLAGS="${CFLAGS} -I${LOCALBASE}/include -Wall -DLIBWRAP 
-DLIBCONFIG" \
+               LIBS="${LIBS} -L${LOCALBASE}/lib -lwrap -lconfig"
 
-MAKE_FLAGS =   CC="${CC}"
 NO_REGRESS =   Yes
 
 do-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
+       ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh
        ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh
+       ${INSTALL_DATA} ${WRKSRC}/example.cfg 
${PREFIX}/share/examples/sslh/sslh.conf
        ${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
 .for p in sslh-fork sslh-select
        ${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin
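Review bot: The `-Wall -DLIBWRAP -DLIBCONFIG` and `-lwrap -lconfig` flags are now defined twice: here in `MAKE_FLAGS`, and again in patches/patch-Makefile, whose new `CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP -DLIBCONFIG` and `LIBS:=$(LIBS) -lwrap -lconfig` lines are shadowed because variables passed on the make command line override plain assignments inside the upstream Makefile. Only the `MAKE_FLAGS` copy takes effect, so either trim the patch to the `OBJS` and `USELIBCONFIG` changes or reduce `MAKE_FLAGS` to `CC` plus the `-I${LOCALBASE}/include` / `-L${LOCALBASE}/lib` paths; keeping both lets the two lists drift apart silently. The `CFLAGS="..."` line also appears split before `-DLIBCONFIG"` in this mail, which looks like client wrapping — worth confirming the committed file has it on one continued line, since a bare `-DLIBCONFIG" \` line would not parse as part of the assignment. The same wrapping seems to affect the `${INSTALL_DATA} ${WRKSRC}/example.cfg` line in `do-install`.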
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/sslh/distinfo,v
retrieving revision 1.2
diff -p -u -r1.2 distinfo
--- distinfo    22 Apr 2012 20:50:12 -0000      1.2
+++ distinfo    12 May 2012 14:22:41 -0000
@@ -1,5 +1,5 @@
-MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w==
-RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg=
-SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg=
-SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ=
-SIZE (sslh-1.11.tar.gz) = 25779
+MD5 (sslh-1.12.tar.gz) = JlAU7NrkUS6sypGq/wuagQ==
+RMD160 (sslh-1.12.tar.gz) = nYcMu5L4GGQtd5XYwagSFQynZ5w=
+SHA1 (sslh-1.12.tar.gz) = YV56XxfGSajzUDVyfq++ovYLjNM=
+SHA256 (sslh-1.12.tar.gz) = +YZiW8yLYSdUsrjJX4frcX9U8Iw1aIL/LOCwkL4MKdY=
+SIZE (sslh-1.12.tar.gz) = 30305
Index: patches/patch-Makefile
===================================================================
RCS file: /cvs/ports/net/sslh/patches/patch-Makefile,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 patch-Makefile
--- patches/patch-Makefile      13 Apr 2012 14:14:21 -0000      1.1.1.1
+++ patches/patch-Makefile      12 May 2012 14:22:41 -0000
@@ -1,6 +1,6 @@
---- Makefile.orig      Sat Nov 26 19:06:58 2011
-+++ Makefile   Fri Mar 23 19:53:40 2012
-@@ -5,26 +5,19 @@
+--- Makefile.orig      Fri May 11 19:38:15 2012
++++ Makefile   Fri May 11 19:40:06 2012
+@@ -6,31 +6,19 @@ USELIBWRAP=  # Use libwrap?
  COV_TEST=     # Perform test coverage?
  PREFIX=/usr/local
  
@@ -17,20 +17,25 @@
  CC = gcc
 -CFLAGS=-Wall -g $(CFLAGS_COV)
  
- #LIBS=-lnet
  LIBS=
- OBJS=common.o sslh-main.o
+ OBJS=common.o sslh-main.o probe.o
  
 -ifneq ($(strip $(USELIBWRAP)),)
 -      LIBS:=$(LIBS) -lwrap
 -      CFLAGS:=$(CFLAGS) -DLIBWRAP
 -endif
-+LIBS:=$(LIBS) -lwrap
-+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP
++LIBS:=$(LIBS) -lwrap -lconfig
++CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP -DLIBCONFIG
  
+-ifneq ($(strip $(USELIBCONFIG)),)
+-      LIBS:=$(LIBS) -lconfig
+-      CFLAGS:=$(CFLAGS) -DLIBCONFIG
+-endif
+-
  all: sslh $(MAN) echosrv
  
-@@ -46,7 +39,7 @@
+ .c.o: *.h
+@@ -51,7 +39,7 @@ echosrv: $(OBJS) echosrv.o
        $(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS)
  
  $(MAN): sslh.pod Makefile
@@ -39,8 +44,3 @@
  
  # generic install: install binary and man page
  install: sslh $(MAN)
-@@ -72,4 +65,3 @@
- 
- test:
-       ./t
--
Index: patches/patch-example_cfg
===================================================================
RCS file: patches/patch-example_cfg
diff -N patches/patch-example_cfg
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-example_cfg   12 May 2012 14:22:41 -0000
@@ -0,0 +1,38 @@
+--- example.cfg.orig   Tue May  8 11:49:34 2012
++++ example.cfg        Sat May 12 16:21:33 2012
+@@ -1,17 +1,17 @@
+ verbose: false;
+-foreground: true;
++foreground: false;
+ inetd: false;
+ numeric: false;
+ timeout: 2;
+-user: "nobody";
+-pidfile: "/var/run/sslh.pid";
++user: "_sslh";
++#pidfile: "/var/run/sslh.pid";
+ 
+ 
+ # List of interfaces on which we should listen
+ listen:
+ (
+-    { host: "thelonious"; port: "443"; }
+-#    , { host: "thelonious"; port: "8080"; }
++    { host: "0.0.0.0"; port: "443"; }
++#    , { host: "::0"; port: "443"; }
+ );
+ 
+ # List of protocols
+@@ -32,9 +32,8 @@ listen:
+ protocols:
+ (
+      { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: 
"builtin"; },
+-     { name: "openvpn"; host: "localhost"; port: "1194"; probe: [ 
"^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },
+-     { name: "xmpp"; host: "localhost"; port: "5222"; probe: [ "jabber" ]; },
+-     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
++#     { name: "openvpn"; host: "localhost"; port: "1194"; probe: [ 
"^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },
++#     { name: "xmpp"; host: "localhost"; port: "5222"; probe: [ "jabber" ]; },
++#     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+      { name: "ssl"; host: "localhost"; port: "443"; probe: [ "" ]; }
+ );
+-
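Review bot: The example relies on protocol order for its behaviour but does not say so: per the changelog quoted in this mail, connections that send nothing within `timeout` seconds are forwarded to the first defined protocol, and the catch-all `ssl` entry with `probe: [ "" ]` has to stay last, yet nothing in the file warns that reordering the `protocols` list changes where unidentified traffic goes. A comment above `protocols:` such as `# Order matters: idle connections go to the first entry (ssh); keep the catch-all ssl entry last.` would guard against that. The listener is also changed from the upstream hostname to `0.0.0.0`, i.e. every IPv4 address, with the `::0` entry commented out, and `user: "_sslh"` presumes that account exists (the PLIST hunk shown starts at line 6, so any `@newuser` entry is outside this diff); a one-line comment on each would help the next reader. The long `probe:` lines appear wrapped by the mail client; confirm they are single lines in the committed patch.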
Index: patches/patch-sslh_main_c
===================================================================
RCS file: patches/patch-sslh_main_c
diff -N patches/patch-sslh_main_c
--- patches/patch-sslh_main_c   22 Apr 2012 20:50:12 -0000      1.2
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
---- sslh-main.c.orig   Sat Apr 21 17:34:25 2012
-+++ sslh-main.c        Sun Apr 22 09:41:43 2012
-@@ -54,7 +54,7 @@
- "-t: timeout before connecting to SSH.\n" \
- "-p: address and port to listen on.\n    Can be used several times to bind to 
several addresses.\n" \
- "--[ssh,ssl,...]: where to connect connections from corresponding 
protocol.\n" \
--"-P: PID file. Default: /var/run/sslh.pid.\n" \
-+"-P: PID file.\n" \
- "-i: Run as a inetd service.\n" \
- "";
- 
Index: patches/patch-sslh_pod
===================================================================
RCS file: /cvs/ports/net/sslh/patches/patch-sslh_pod,v
retrieving revision 1.2
diff -p -u -r1.2 patch-sslh_pod
--- patches/patch-sslh_pod      22 Apr 2012 20:50:12 -0000      1.2
+++ patches/patch-sslh_pod      12 May 2012 14:22:41 -0000
@@ -1,6 +1,6 @@
---- sslh.pod.orig      Sat Apr 21 18:34:14 2012
-+++ sslh.pod   Sun Apr 22 09:45:36 2012
-@@ -16,12 +16,19 @@
+--- sslh.pod.orig      Sat May 12 15:39:27 2012
++++ sslh.pod   Sat May 12 15:43:25 2012
+@@ -17,12 +17,19 @@ to connect to any of these servers on port 443 (e.g. f
  inside a corporate firewall, which almost never block port
  443) while still serving HTTPS on that port. 
  
@@ -21,25 +21,15 @@
  =head2 Protocol detection
  
  The protocol detection is made based on the first bytes sent
-@@ -45,17 +52,6 @@
- provides, and connects it to the SSH server if it starts
- with "SSH-", or connects it to the SSL server otherwise.
+@@ -78,7 +85,6 @@ Alternatively, the I<probe> parameter can be set to
+ "builtin", to use the compiled probes which are much faster
+ than regular expressions.
  
--=head2 Libwrap support
--
--One drawback of B<sslh> is that the B<ssh> and B<httpd>
--servers do not see the original IP address of the client
--anymore, as the connection is forwarded through B<sslh>.
--B<sslh> provides enough logging to circumvent that problem.
--However it is common to limit access to B<ssh> using
--B<libwrap> or B<tcpd>. For this reason, B<sslh> can be
--compiled to check SSH accesses against SSH access lists as
--defined in F</etc/hosts.allow> and F</etc/hosts.deny>.
 -
  =head1 OPTIONS
  
  =over 4
-@@ -140,24 +136,6 @@
+@@ -164,24 +170,6 @@ Runs as an I<inetd> server. Options B<-P> (PID file), 
  Runs in foreground. The server will not fork and will remain connected
  to the terminal. Messages normally sent to B<syslog> will also be sent
  to I<stderr>.
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/sslh/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 PLIST
--- pkg/PLIST   13 Apr 2012 14:14:21 -0000      1.1.1.1
+++ pkg/PLIST   12 May 2012 14:22:41 -0000
@@ -6,5 +6,7 @@
 @bin sbin/sslh-select
 share/doc/sslh/
 share/doc/sslh/README
+share/examples/sslh/
+share/examples/sslh/sslh.conf
 @rcscript ${RCDIR}/sslh_fork
 @rcscript ${RCDIR}/sslh_select
