Commit Graph

90 Commits

Author SHA1 Message Date
Soner Tari
009fe9f6ad Merge sslsplit develop changes 2019-08-08 12:23:04 +03:00
Soner Tari
58eb907d69 Separate global and proxyspec opts 2019-07-12 14:40:04 +03:00
Soner Tari
c3abe74776 Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords 2019-04-21 01:00:46 +03:00
Soner Tari
24972bda48 Rearrange debug log messages 2019-04-03 20:23:30 +03:00
Soner Tari
8c2fd3cc31 Replace recursion with while loop in child max fd computation and debug logging 2019-03-31 18:22:19 +03:00
Soner Tari
3c8d6e7e4e Fix the location of the assertion checking NULL thr conns list, nice catch by this assert() call, that it is misplaced, so add further assertions 2019-03-29 15:38:03 +03:00
Soner Tari
98c1186cb8 Improve documentation, and simplify code 2019-03-24 01:31:19 +03:00
Soner Tari
ad38b68ad7 Fix a possible multithreading issue: Ignore event_add() failure and do not try to close the conn after adding it to pending ssl conns list
Debug print pending ssl conns list
Remove redundant asprintf() calls and vars
Rename fields and fix whitespace
2019-03-23 23:34:38 +03:00
Soner Tari
50740b9f77 Remove redundant ctx fields, rename vars, rearrange code, and improve documentation 2019-03-23 20:48:40 +03:00
Soner Tari
42eb887ebb Do not modify conn thread fields without locking on thrmgr thread, so we only modify thr load and thr conn list, no thread stats, on thrmgr now 2019-03-23 00:09:18 +03:00
Soner Tari
bf67b617c2 Keep track of ssl conns waiting for the first packet, and remove them if they time out
Otherwise if no packet arrives, hence readcb does not fire, that ssl conn is lost causing memory and fd leak
Accepting a connection does not mean that a packet will be received
Use better names
2019-03-22 15:21:39 +03:00
Soner Tari
e145ca6eed Refactor add/remove conn/child code
Fix whitespace
2019-03-19 02:54:48 +03:00
Soner Tari
cc0b94c17f Do not do anything with the conn ctx on the thrmgr thread after setting event callbacks and/or socket connect
Always lock conn thr while reading ctx fields, otherwise we may get wrong values
2019-03-18 03:59:40 +03:00
Soner Tari
17122fa6a8 Always keep thr load and conns list in sync 2019-03-17 18:57:33 +03:00
Soner Tari
c43e359a1b Do not modify thr stats without locking, otherwise max fd stats were sometimes wrong 2019-03-16 23:19:48 +03:00
Soner Tari
3147723774 Add attribs, enclose debug params between debug macros, and improve documentation 2019-03-16 00:44:12 +03:00
Soner Tari
dcaaa49f90 Improve documentation and use better names 2019-03-15 15:39:15 +03:00
Soner Tari
79ad5e86cc Fix expired conn handling, signal 6 crash: Do not lock conn thr mutex twice while freeing expired conns
Fix passthrough mode: Do not SSL_free() srvdst ssl anymore and do not add conn to thr conns list twice
2019-03-15 00:20:53 +03:00
Soner Tari
844e68116a Move userauth from thrmgr thread to conn handling threads, and do not enable r/w callbacks until userauth succeeds
Lock conn thread instead of thrmgr thread while adding conns (giant thrmgr lock versus conn thread level locks), so add conn thread mutex and remove thrmgr mutex
Offload thrmgr thread by moving many conn related setup to conn handling threads
Fix signal 6 crash caused by calling pxy_thrmgr_timer_cb() while failed conn is being freed, so use conn thread mutexes and defer adding conn to thr conn list until conn setup succeeds
Other fixes, improvements, and clean-up
2019-03-14 03:47:03 +03:00
Soner Tari
7b11eb15fa Update copyright year to 2019 2019-03-13 14:42:40 +03:00
Soner Tari
4f4b41d5ad Add user and proto validation info to connection logs 2019-03-09 01:09:08 +03:00
Soner Tari
1f451aa04d Change user db table name to users, change mac column name to ether
Clean up
2019-03-02 03:44:14 +03:00
Soner Tari
cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
2019-03-01 02:08:24 +03:00
Soner Tari
fb25c45c66 Clean-up 2019-02-16 17:52:57 +03:00
Soner Tari
304207e9e9 Add initial user database support using sqlite3 2019-02-16 17:29:14 +03:00
Soner Tari
3f148cf3b9 Move thrmgr->conn_count inc for conn id back to conn acceptcb, because acceptcb runs on thrmgr thread which is single threaded, so there is no multithreading issues there 2018-11-09 12:32:16 +03:00
Soner Tari
360b951ade Prevent possible multithreading issues, which would not cause crashes but incorrect conn ids and memory leaks due to broken thread conn linked lists 2018-11-09 02:10:08 +03:00
Soner Tari
12ecc96648 Assume co-ownership of refactored and new pxy and proto source files by adding copyright line below the original copyright line 2018-10-30 12:42:52 +03:00
Soner Tari
5351e78740 Combine term and enomem handling code and improve 2018-10-29 01:59:26 +03:00
Soner Tari
c085cafe0f Rename srv_dst to srvdst
Clean up
2018-10-22 16:12:07 +03:00
Soner Tari
a314be6e94 Add conn context and is_child fields to proxy context struct to get rid of extra function params and to simplify conditionals
Remove redundant parent/conn pointer vars
Use conn instead of parent amap
2018-09-23 02:02:15 +03:00
Soner Tari
6f023e5990 Avoid comparison between signed and unsigned integer, reported by @janusloo on Linux DietPi 4.14.22-v7+ #1096 SMP Mon Feb 26 19:14:22 GMT 2018 armv7l GNU/Linux, I don't see such warnings on 64-bit OpenBSD or Linux though, even with -Wsign-compare 2018-03-11 14:57:58 +03:00
Soner Tari
0fee063e0c Use %zu for size_t, and avoid comparison between signed and unsigned integer, reported by @janusloo 2018-03-10 22:34:28 +03:00
Soner Tari
f6a63c33b1 Fix time_t portability, see https://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp00029.html 2018-03-10 21:29:21 +03:00
Soner Tari
9d435e180c Update with SSLsplit 0.5.2 and develop branch changes as of 270218 2018-02-27 22:20:58 +03:00
Soner Tari
4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues
Add VerifyPeer and AllowWrongHost options
2018-01-18 03:18:53 +03:00
Soner Tari
3ae89131dc Use different syslog facilities for error, conn, and stats logs, so they can be filtered into separate log files in syslog.conf 2017-10-30 01:22:34 +03:00
Soner Tari
b064ffa668 Use llu int as unique conn id, much simpler than uuid 2017-10-26 20:10:36 +03:00
Soner Tari
137f017cb5 Fix EXPIRED message bug, other fixes and improvements 2017-10-26 18:57:46 +03:00
Soner Tari
a1c5d05143 Add support for log priority to error logs, so syslogd prints the correct prio for error logs now 2017-10-15 01:39:30 +03:00
Soner Tari
9ec58f821b Changes needed while adding SSL proxy support to WUI
Separate mail/mails to pop3/pop3s/smtp/smtps for statistics
Write connect logs to syslog too, for statistics
Fix log lines for statistics, remove fds from err logs
2017-08-20 01:46:57 +03:00
Soner Tari
7748e3ec1b Add conf file support, with -f command line option, supports a subset of all possible options 2017-08-16 16:01:52 +03:00
Soner Tari
1a6eab50a5 Tidy and clean logs up
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
2017-08-13 04:36:33 +03:00
Soner Tari
9e637dd2cc Clean-up 2017-08-01 16:05:25 +03:00
Soner Tari
5a136b7ce7 Add extra stats
Rearrange, clean-up
2017-07-30 00:34:46 +03:00
Soner Tari
2411f79582 Add plain or ssl info to SSLproxy specific header line
Fix child eof bug
Flickr keeps redirecting to https with 301 unless we remove the Via line of squid, so apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https
Also do not send the loopback address to the Internet
Other fixes
2017-07-27 17:50:45 +03:00
Soner Tari
67ddee1585 Import sslsplit-devel changes
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
2017-07-25 16:07:39 +03:00
Soner Tari
378c8c03ef Fix/improve logging, clean-up 2017-07-23 01:15:59 +03:00
Soner Tari
1b9a192947 Remove recursion while freeing children, parent frees children in a loop now
Improve, simplify, clean-up
2017-07-15 13:04:13 +03:00
Soner Tari
ae35623c15 Remove meta ctx completely
Fix issues
2017-07-15 04:07:42 +03:00