Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
752 Commits
2 Branches
26 Tags
3.1 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4a05b4bf05'
${ noResults }
Commit Graph

281 Commits (4a05b4bf05d10a64d6625a34e4a9677dd7d59b8c)

Author SHA1 Message Date
Soner Tari 3cbcffcebc Reuse parent srvdst as dst of first child to avoid connecting to server twice, first conn was to get server cert for forging, so we xfer srvdst to first child after parent does not need it anymore 5 years ago
Soner Tari c9769b0d89 Fix global opts lprocinfo 5 years ago
Soner Tari 58eb907d69 Separate global and proxyspec opts 5 years ago
Soner Tari f6a8522d1e Enable -O2 optimization, remove -g 
Clean up gitignore
Fix typos
 5 years ago
Soner Tari 1c8a837df1 Fix FreeBSD support: Call available_fds() on FreeBSD too 5 years ago
Soner Tari adee22db09
Fix FreeBSD support, pr #13 by @5u623l20 
FreeBSD does not have getdtablecount() and needs netinet/in.h
 5 years ago
Soner Tari d1a3328c58 Differentiate PassSite option from Passthrough option: PassSite does not require Passthrough now 
Remove redundant if conditions
 6 years ago
Soner Tari c3abe74776 Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords 6 years ago
Soner Tari 89150fe4d6 Enable more ssl info in conn logs, especially common names in crts 6 years ago
Soner Tari 24972bda48 Rearrange debug log messages 6 years ago
Soner Tari 3c8d6e7e4e Fix the location of the assertion checking NULL thr conns list, nice catch by this assert() call, that it is misplaced, so add further assertions 6 years ago
Soner Tari f9b850f63b Add user info to SSLproxy header line, so listening programs know network users 
Debug print conf file option
 6 years ago
Soner Tari bee1a82bfc Improve error log messages and comments 6 years ago
Soner Tari 44b125f77e Avoid malloc/free for vars of known sizes 6 years ago
Soner Tari 040d00b546 Fix passthrough mode broken by the new pending ssl conns list: It is necessary to NULL the sslctx to prevent passthrough mode trying to access it (signal 11 crash) 
Note that we cannot redirect failed ssl connections to login page while switching to passthrough mode
Remove now redundant pxy_fd_readcb() function
 6 years ago
Soner Tari 50740b9f77 Remove redundant ctx fields, rename vars, rearrange code, and improve documentation 6 years ago
Soner Tari 42eb887ebb Do not modify conn thread fields without locking on thrmgr thread, so we only modify thr load and thr conn list, no tread stats, on thrmgr now 6 years ago
Soner Tari 072dbe2611 Fix privsep PRIVSEP_REQ_UPDATE_ATIME command: Do not request an fd from sys_recvmsgfd() and sys_sendmsgfd(), otherwise opens an stdin (fd 0), causing fd leak 
Remove redundant logging call
 6 years ago
Soner Tari bf67b617c2 Keep track of ssl conns waiting for the first packet, and remove them if they time out 
Otherwise if no packet arrives, hence readcb does not fire, that ssl conn is lost causing memory and fd leak
Accepting a connection does not mean that a packet will be received
Use better names
 6 years ago
Soner Tari dc788862a9 Reintroduce BEV_OPT_THREADSAFE flag, after a signal 10 crash involving buffer events 
Rearrange and fix fd close locations and conn termination
 6 years ago
Soner Tari e145ca6eed Refactor add/remove conn/child code 
Fix whitespace
 6 years ago
Soner Tari cc0b94c17f Do not do anything with the conn ctx on the thrmgr thread after setting event callbacks and/or socket connect 
Always lock conn thr while reading ctx fields, otherwise we may get wrong values
 6 years ago
Soner Tari c43e359a1b Do not modify thr stats without locking, otherwise max fd stats were sometimes wrong 6 years ago
Soner Tari 3147723774 Add attribs, enclose debug params between debug macros, and improve documentation 6 years ago
Soner Tari dcaaa49f90 Improve documentation and use better names 6 years ago
Soner Tari 79ad5e86cc Fix expired conn handling, signal 6 crash: Do not lock conn thr mutex twice while freeing expired conns 
Fix passthrough mode: Do not SSL_free() srvdst ssl anymore and do not add conn to thr conns list twice
 6 years ago
Soner Tari bf513b1c37 Improvements 6 years ago
Soner Tari 844e68116a Move userauth from thrmgr thread to conn handling threads, and do not enable r/w callbacks until userauth succeeds 
Lock conn thread instead of thrmgr thread while adding conns (giant thrmgr lock versus conn thread level locks), so add conn thread mutex and remove thrmgr mutex
Offload thrmgr thread by moving many conn related setup to conn handling threads
Fix signal 6 crash caused by calling pxy_thrmgr_timer_cb() while failed conn is being freed, so use conn thread mutexes and defer adding conn to thr conn list until conn setup succeeds
Other fixes, improvements, and clean-up
 6 years ago
Soner Tari 2f3fda5367 Do not try to close conns on the thrmgr thread after setting event callbacks and/or socket connect 
Use strncpy() instead of memcpy(), to limit max size with dest buffer
 6 years ago
Soner Tari 7b11eb15fa Update copyright year to 2019 6 years ago
Soner Tari 7eb0ebc814 Refactor fd usage code for code reuse 6 years ago
Soner Tari 56c3bdf5d8 Do not try to term/close conns on the thrmgr thread after setting event callbacks and/or socket connect 6 years ago
Soner Tari 76a599d464 Put the getdtablecount() solution back in, otherwise sometimes, although rarely, we get "Error 24 on listener: Too many open files" nonstop, it's better to be safe(r) 6 years ago
Soner Tari 96ecd8e4c3 Pass BEV_OPT_THREADSAFE to bufferevent_socket_new() and similar functions, otherwise if we are out of fds, we get signal 10 or 6 crashes sometimes, nothing else seems to work 6 years ago
Soner Tari 3a6f797917 Do not forget to reset sqlite stmt if userdb is busy or locked, otherwise we get stuck and go out of fds too 
Check retval of event_add() calls
Reduce frequency of userdb atime updates by not updating until idle time reaches more than half of user timeout value, otherwise privsep server can get very busy causing locked userdb
Do not care about multiple matches of IP addresses in arp cache on OpenBSD either
Performance and code reuse improvements, simplifications
 6 years ago
Soner Tari 0d49ba56db Enable user auth support on Linux 6 years ago
Soner Tari 4f4b41d5ad Add user and proto validation info to connection logs 6 years ago
Soner Tari b6f2203495 Validate proxyspec protocols http, pop3, and smtp 6 years ago
Soner Tari 6f37661772 Enable user auth for all supported protos or proxyspec types 6 years ago
Soner Tari c37bcc6de1 Add UserDBPath and UserTimeout options 6 years ago
Soner Tari fd52ba0c56 Refactor, handle error conditions, and clean up 6 years ago
Soner Tari cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD 
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
 6 years ago
Soner Tari fb25c45c66 Clean-up 6 years ago
Soner Tari 304207e9e9 Add initial user database support using sqlite3 6 years ago
Soner Tari e132b12d79 Support remote listening programs using ua and ra proxyspec options, address of remote listening program that decrypted packets are diverted to and address SSLproxy is listening for returned packets from remote listening program, respectively 6 years ago
Soner Tari 87403615f9 Remove now unnecessary UNUSED attributes 6 years ago
Soner Tari 670f609d7a Refactor logging code and fix memory leak 6 years ago
Soner Tari 70a22f4515 Do not break the event loop if out of fds, instead properly check all retvals of libevent functions 
So remove getdtable*() solution
 6 years ago
Soner Tari f848248f54 Use better names and fix white space 6 years ago
Soner Tari d0687b3398 Fix double init of protoctx, memory leak 
Free vars where they are allocated, always
 6 years ago