Soner Tari
bf67b617c2
Keep track of ssl conns waiting for the first packet, and remove them if they time out
...
Otherwise if no packet arrives, hence readcb does not fire, that ssl conn is lost causing memory and fd leak
Accepting a connection does not mean that a packet will be received
Use better names
2019-03-22 15:21:39 +03:00
Soner Tari
dc788862a9
Reintroduce BEV_OPT_THREADSAFE flag, after a signal 10 crash involving buffer events
...
Rearrange and fix fd close locations and conn termination
2019-03-21 06:06:56 +03:00
Soner Tari
6f2cf92e51
Do not pass BEV_OPT_THREADSAFE flag to bufferevent new socket/filter functions anymore: Multithreading issues seems to be solved now
2019-03-19 17:17:57 +03:00
Soner Tari
e145ca6eed
Refactor add/remove conn/child code
...
Fix whitespace
2019-03-19 02:54:48 +03:00
Soner Tari
cc0b94c17f
Do not do anything with the conn ctx on the thrmgr thread after setting event callbacks and/or socket connect
...
Always lock conn thr while reading ctx fields, otherwise we may get wrong values
2019-03-18 03:59:40 +03:00
Soner Tari
17122fa6a8
Always keep thr load and conns list in sync
2019-03-17 18:57:33 +03:00
Soner Tari
c43e359a1b
Do not modify thr stats without locking, otherwise max fd stats were sometimes wrong
2019-03-16 23:19:48 +03:00
Soner Tari
3147723774
Add attribs, enclose debug params between debug macros, and improve documentation
2019-03-16 00:44:12 +03:00
Soner Tari
dcaaa49f90
Improve documentation and use better names
2019-03-15 15:39:15 +03:00
Soner Tari
362a87ac6d
Update documentation
2019-03-15 02:38:08 +03:00
Soner Tari
79ad5e86cc
Fix expired conn handling, signal 6 crash: Do not lock conn thr mutex twice while freeing expired conns
...
Fix passthrough mode: Do not SSL_free() srvdst ssl anymore and do not add conn to thr conns list twice
2019-03-15 00:20:53 +03:00
Soner Tari
bf513b1c37
Improvements
2019-03-14 21:21:07 +03:00
Soner Tari
844e68116a
Move userauth from thrmgr thread to conn handling threads, and do not enable r/w callbacks until userauth succeeds
...
Lock conn thread instead of thrmgr thread while adding conns (giant thrmgr lock versus conn thread level locks), so add conn thread mutex and remove thrmgr mutex
Offload thrmgr thread by moving many conn related setup to conn handling threads
Fix signal 6 crash caused by calling pxy_thrmgr_timer_cb() while failed conn is being freed, so use conn thread mutexes and defer adding conn to thr conn list until conn setup succeeds
Other fixes, improvements, and clean-up
2019-03-14 03:47:03 +03:00
Soner Tari
2f3fda5367
Do not try to close conns on the thrmgr thread after setting event callbacks and/or socket connect
...
Use strncpy() instead of memcpy(), to limit max size with dest buffer
2019-03-13 17:11:54 +03:00
Soner Tari
7b11eb15fa
Update copyright year to 2019
2019-03-13 14:42:40 +03:00
Soner Tari
7eb0ebc814
Refactor fd usage code for code reuse
2019-03-12 21:41:16 +03:00
Soner Tari
56c3bdf5d8
Do not try to term/close conns on the thrmgr thread after setting event callbacks and/or socket connect
2019-03-12 19:36:30 +03:00
Soner Tari
76a599d464
Put the getdtablecount() solution back in, otherwise sometimes, although rarely, we get "Error 24 on listener: Too many open files" nonstop, it's better to be safe(r)
2019-03-11 02:41:16 +03:00
Soner Tari
96ecd8e4c3
Pass BEV_OPT_THREADSAFE to bufferevent_socket_new() and similar functions, otherwise if we are out of fds, we get signal 10 or 6 crashes sometimes, nothing else seems to work
2019-03-11 01:56:09 +03:00
Soner Tari
3a6f797917
Do not forget to reset sqlite stmt if userdb is busy or locked, otherwise we get stuck and go out of fds too
...
Check retval of event_add() calls
Reduce frequency of userdb atime updates by not updating until idle time reaches more than half of user timeout value, otherwise privsep server can get very busy causing locked userdb
Do not care about multiple matches of IP addresses in arp cache on OpenBSD either
Performance and code reuse improvements, simplifications
2019-03-10 04:26:00 +03:00
Soner Tari
0d49ba56db
Enable user auth support on Linux
2019-03-09 18:17:05 +03:00
Soner Tari
4f4b41d5ad
Add user and proto validation info to connection logs
2019-03-09 01:09:08 +03:00
Soner Tari
56ddbcb5c8
Update version to 0.5.10
2019-03-08 20:24:08 +03:00
Soner Tari
b6f2203495
Validate proxyspec protocols http, pop3, and smtp
2019-03-07 23:14:53 +03:00
Soner Tari
f3e7a359a6
Update documentation with user auth feature
2019-03-06 22:43:43 +03:00
Soner Tari
6f37661772
Enable user auth for all supported protos or proxyspec types
2019-03-06 01:09:02 +03:00
Soner Tari
fcd24a2cbe
Do not terminate redirected connection until src outbuf is empty, otherwise 302 redirection may not have been sent yet
2019-03-05 19:11:08 +03:00
Soner Tari
1f451aa04d
Change user db table name to users, change mac column name to ether
...
Clean up
2019-03-02 03:44:14 +03:00
Soner Tari
c37bcc6de1
Add UserDBPath and UserTimeout options
2019-03-02 02:52:48 +03:00
Soner Tari
fd52ba0c56
Refactor, handle error conditions, and clean up
2019-03-02 02:04:53 +03:00
Soner Tari
cde3fbca3f
Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD
...
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
2019-03-01 02:08:24 +03:00
Soner Tari
fb25c45c66
Clean-up
2019-02-16 17:52:57 +03:00
Soner Tari
304207e9e9
Add initial user database support using sqlite3
2019-02-16 17:29:14 +03:00
Soner Tari
19f68a2800
Fix documentation
2019-02-03 22:48:20 +03:00
Soner Tari
588122b512
Explain support for remote listening programs in README
2019-01-07 01:05:48 +03:00
Soner Tari
e132b12d79
Support remote listening programs using ua and ra proxyspec options, address of remote listening program that decrypted packets are diverted to and address SSLproxy is listening for returned packets from remote listening program, respectively
2019-01-06 18:09:17 +03:00
Soner Tari
c0a943beb6
Release v0.5.9
2018-12-11 21:58:45 +03:00
Soner Tari
87403615f9
Remove now unnecessary UNUSED attributes
2018-12-01 00:36:03 +03:00
Soner Tari
670f609d7a
Refactor logging code and fix memory leak
2018-11-30 14:28:51 +03:00
Soner Tari
70a22f4515
Do not break the event loop if out of fds, instead properly check all retvals of libevent functions
...
So remove getdtable*() solution
2018-11-30 02:49:37 +03:00
Soner Tari
f848248f54
Use better names and fix white space
2018-11-10 23:33:12 +03:00
Soner Tari
d0687b3398
Fix double init of protoctx, memory leak
...
Free vars where they are allocated, always
2018-11-10 20:46:39 +03:00
Soner Tari
83468afb1f
Fix ssl setup error handling, ssl ctx does not have any proto arg, so arg is always null at that point
2018-11-10 19:22:16 +03:00
Soner Tari
3f148cf3b9
Move thrmgr->conn_count inc for conn id back to conn acceptcb, because acceptcb runs on thrmgr thread which is single threaded, so there is no multithreading issues there
2018-11-09 12:32:16 +03:00
Soner Tari
360b951ade
Prevent possible multithreading issues, which would not cause crashes but incorrect conn ids and memory leaks due to broken thread conn linked lists
2018-11-09 02:10:08 +03:00
Soner Tari
3d1ed7c8d2
Fix the link for The Risks of SSL Inspection, markdown doesn't like the new line in between caption and link
2018-11-06 21:44:25 +03:00
Soner Tari
3fd02eee9d
Use available_fds() on osx to detect out of file descriptors condition, borrowed from opensmtpd
2018-11-03 20:57:50 +03:00
Soner Tari
e1d96a874e
Disable getdtablecount() on osx, temporarily
2018-11-03 20:23:54 +03:00
Soner Tari
7847486bc4
Try to fix travis osx build, osx does not have getdtablecount() either
2018-11-03 19:23:13 +03:00
Soner Tari
77b81aa45f
Fix travis osx build
2018-11-03 18:50:49 +03:00