Commit Graph

1010 Commits

Author SHA1 Message Date
Soner Tari
d611ec727d Do not close fd -1, true for tcp conns too 2020-05-06 23:51:45 +03:00
Soner Tari
8a96565d99 Zero out msg buf as in sslsplit
ce5f409dbe
("Zero all bytes when passing file descriptors over AF_UNIX sockets",
2018-11-12)

Also, bufferevent_getfd() returns -1 if no file descriptor is associated
with the bufferevent.
2020-05-06 12:45:55 +03:00
Soner Tari
128838c70f Fix -g flag for lp, use Mk/buildinfo.mk of sslproxy
This is necessary to detect the .git folder at the project root. So
remove Mk/buildinfo.mk of lp.
2020-05-06 02:08:23 +03:00
Soner Tari
3e706ea022 Fix leaks and errors reported by valgrind
Free vars.
Finalize sqlite3 statements.
Close sqlite3 db.
Init memory.
Do not close fd -1.

Some of these may be harmless, but we fix them anyway. Now valgrind
reports 0 "lost" memory, but some "still reachable", both for sslproxy
and lp.
2020-05-06 02:06:08 +03:00
Soner Tari
1d75bfb17f Fix a possible sync issue between thr load and conn children list on error
Refactor and rename functions, struct fields, and vars
Simplify if conditions and fix/improve logs
Clean up
2020-05-05 15:42:41 +03:00
Soner Tari
757ed35687 Do not use privsep to open socket for child listener
We don't need a privsep call to open a socket for child listener,
because listener port of child conns are assigned by the system, hence
are from non-privileged range above 1024.
So the open privsep socket is used only to update user atime now.
2020-05-05 00:50:37 +03:00
Soner Tari
14cfd3286b Update ctime and first atime on conn handling thr, not on thrmgr
This offloads the thrmgr by saving a time() call.
Also remove an unnecessary NULL assignment.
2020-05-04 21:30:50 +03:00
Soner Tari
71dff82305 Terminate conn on socket connect error
And rename a function.
2020-05-04 21:05:35 +03:00
Soner Tari
18c882ad37 Refactor and rename assign/attach conn to thr functions
And fix comments.
2020-05-04 12:16:03 +03:00
Soner Tari
f069637fda Include errno.h in pxyconn.c too to fix travis issue 2020-05-04 00:21:42 +03:00
Soner Tari
61edeeedb1 Include errno.h, revert log.h to fix travis issue 2020-05-04 00:16:12 +03:00
Soner Tari
906d961168 Fix travis issue due to errno
errno and EMFILE are provided by <unistd.h>, but we need log.h anyway,
which includes logger.h, and which includes <unistd.h> in turn.
2020-05-04 00:05:17 +03:00
Soner Tari
6c5165fa6e Update lp with sslproxy changes and clean up 2020-05-03 23:28:21 +03:00
Soner Tari
d3c3059c26 Remove ctx evbase and dnsbase
We already have thr in conn ctx to access its evbase and dnsbase.
2020-05-03 23:20:38 +03:00
Soner Tari
8786b9fda7 Remove pending ssl conns list and in_thr_conns flag
We have carried almost all conn init tasks from thrmgr to conn handling
thread. So we immediately add the conn to the conn list of its thr,
which renders both pending ssl conns list and in_thr_conns flag useless.
2020-05-03 21:05:12 +03:00
Soner Tari
98cda54c47 Reduce and improve debug logs 2020-05-03 16:52:43 +03:00
Soner Tari
c8371e7b3d Decouple thrmgr and conn handling thr on error too
Also add/fix comments, fix debug logs and mistakes.
2020-05-03 14:30:32 +03:00
Soner Tari
229ea2fe0a Convert linked lists to doubly linked lists, so keep track of previous node
The only time we go over the linked list is to check idle or expired
connections, or to print debug info. Otherwise, mostly what we need is
to add and remove list nodes. Removing a list node becomes a very simple
task if we keep track of the previous node too. So now we also keep
record of prev node, and update prev node as we add and remove nodes.
All three linked lists we use benefit from this data structure
improvement, making it very fast to remove a list node.

Another benefit of this change is that we don't need to identify conns
with their id numbers or child conns with their src fds. So now we
directly delete them, without needing to check their ids or fds.
2020-05-03 00:37:19 +03:00
Soner Tari
cc5d877711 Remove BEV_OPT_THREADSAFE
thrmgr and conn handling threads are cleanly decoupled now. So we don't
need BEV_OPT_THREADSAFE anymore.
2020-05-02 19:03:09 +03:00
Soner Tari
f77a7630d5 Disable thr mutex
Do we need a thr mutex? This mutex is for thread-safe access to
thr.load. But thrmgr read-accesses thr.load, and write-accesses are by
thr only. So can we really live without it?
2020-05-02 18:55:22 +03:00
Soner Tari
8b27cfce95 Decouple code for thrmgr and conn handling threads, so create pxythr.c/h 2020-05-02 17:56:40 +03:00
Soner Tari
aab56d42a9 Switch to conn handling thread even earlier
So now we do a couple of expensive tasks on conn handling threads, not
on thrmgr: Add the conn to its thread conn list, check fd usage, nat
lookup dst, and make string src addr.
2020-05-01 23:50:05 +03:00
Soner Tari
033cb732ac Decouple conn init from fd readcb 2020-05-01 14:54:01 +03:00
Soner Tari
191109951d Switch from thrmgr to connection handling thread asap
This prevents possible multithreading issues between thrmgr and conn
handling threads. So we can remove and clean up the code and comments
related with such possible issues now. For example, we can add the conn
to its thread list earlier, and we can handle errors immediately, thanks
to this early switch to conn handling threads. This also helps achieve
cleaner code.
2020-05-01 12:23:16 +03:00
Soner Tari
03453fc76b Refactor to free the buf asap 2020-05-01 12:05:49 +03:00
Soner Tari
0bfe5584e4 Simplify logs printed by *_main and *_main_va macros
Since the *_main and *_main_va macros always pass 0 as fd, and the other
macros fd > 0, we can simplify the main macros.
2020-04-25 22:36:02 +03:00
Soner Tari
05654e3bee Avoid possible crashes caused by passing NULL pointers to str*() functions 2020-04-18 11:28:55 +03:00
Soner Tari
a1f24e26d0 Clean up 2020-04-17 22:14:19 +03:00
Soner Tari
fd3aa5a394 Update lp with sslproxy changes, fix dst events
Enable dst r/w events before socket connect.
Improve verbose debug logs using common header fields to better identify
connections.
Create function macros for fine* debug logs.
2020-04-17 19:36:41 +03:00
Soner Tari
554fd3bd3a Improve code reuse, reduce code, clean up whitespace 2020-04-17 15:31:30 +03:00
Soner Tari
ea57aebf15 Fix mailto 2020-04-17 14:19:03 +03:00
Soner Tari
20eb2533d1 Fix autossl crash upon protocol error, need fuzzing tests
This happens if there was no autossl handshake prior to ClientHello,
e.g. no STARTTLS message. This is perhaps due to the SSL handshake of a
direct SSL connection, i.e. invalid protocol.
We should not crash upon protocol errors, hence the need for fuzzing
tests.
2020-04-17 11:10:28 +03:00
Soner Tari
efa2b48b94 Disable autossl passthrough
Autossl passthrough crashes with signal 10.
2020-04-16 23:04:23 +03:00
Soner Tari
2b702495b0 Remove comixwall.org 2020-04-16 15:33:50 +03:00
Soner Tari
5c2ac6d1bf Remove writecb for srvdst except for passthrough, remove srvdst_connected and dst_connected flags, clean up autossl
We don't do anything in srvdst writecb except for passhtrough mode.
We handle srvdst and dst connect tasks in connectcb for them by
arranging connect events correctly, so we don't need any extra flags.
Correct connect ordering helps us remove code checking if bev exists.
There were a lot of unnecessary code in autossl. Tcp and ssl code are
decoupled now.
2020-04-16 15:23:42 +03:00
Soner Tari
a24ac850b4 Fix readcb and writecb before connected
Do not enable srvdst readcb until connected
Enable read and write callbacks only after connected
2020-04-16 11:59:18 +03:00
Soner Tari
64c0078ecb Update comments about writecb before connected 2020-04-15 22:04:18 +03:00
Soner Tari
a0d74baa43 Update copyright year to 2020 2020-04-14 18:12:16 +03:00
Soner Tari
a34c953ef0 Validate the response from the smtp server to protect the client
Because we directly relay the packets from the server to the client
until we receive the first packet from the client, at which time we xfer
srvdst to the first child conn and effectively disable this readcb,
hence start diverting packets to the listening program.
Improve documentation.
2020-04-14 17:56:47 +03:00
Soner Tari
1445a5cdf8 Fix smtp proto
We enable readcb for srvdst to relay the 220 smtp greeting from the
server to the client, otherwise the conn stalls.
Related with issue #18 too.
2020-04-13 15:35:09 +03:00
Soner Tari
1a0d46587b Check libevent version before calling bufferevent_openssl_set_allow_dirty_shutdown() 2020-04-12 16:37:19 +03:00
Soner Tari
c3c228d8ce Remove ssl_shutdown_retry_delay and SSLShutdownRetryDelay, not used anymore 2020-04-12 16:05:16 +03:00
Soner Tari
10573a1b7c Copy BSDmakefile to subfolders
So we can individually make clean them
2020-04-12 15:51:41 +03:00
Soner Tari
9ad477e0a7 Fix misc issues with autossl
And various improvements
2020-04-12 15:26:28 +03:00
Soner Tari
a0e475b473 Fix SSL shutdown, which fixes conn stall issue with autossl
Otherwise, we cannot properly shutdown the src conn end of an autossl
conn, and when the next conn uses the same fd of that src, the callback
functions (e.g. the writecb) do not fire, which effectively stalls the
conn. This fixes a longtime issue with autossl support.
So remove pxysslshut.c/h files, not used anymore
2020-04-12 15:18:32 +03:00
Soner Tari
50cfe4d789 Fix sslproxy_header_len if port len is 4, i.e. port <= 9999
Otherwise, if we assume that the port is always 5 chars, we leave a NULL
char between the sslproxy header and CRLF, which confuses
pxy_insert_sslproxy_header() and pxy_try_remove_sslproxy_header(), and
we cannot remove the sslproxy header.
2020-04-12 15:02:24 +03:00
Soner Tari
b848df0b0b Use __func__ not __PRETTY_FUNCTION__ as __FUNCTION__ definition
Because __PRETTY_FUNCTION__ prints a detailed function signature on
OpenBSD
2020-04-10 22:17:30 +03:00
Soner Tari
3af16b3228 Improve verbose debug logs using common header fields to better identify connections
Create function macros for fine* debug logs
Fix a few memory leaks when DEBUG_PROXY enabled
Add main.mk to MKFS list
Put a few function params within DEBUG_PROXY directives
Check retval of a snprintf() call
Fix segfault with -w/-W options if no ssl proxyspec specified, also fixed in sslsplit develop: https://github.com/droe/sslsplit/issues/271
Various clean-up
2020-04-09 21:47:09 +03:00
Soner Tari
4503203c1b Remove MEDIUM ciphers
Cipher assertions become useless if we set ciphers to MEDIUM:HIGH, too
many ciphers would be possible
2020-04-05 22:22:36 +03:00
Soner Tari
c2e93dbbc0 Remove NO_TLS10 test case
The problem with LibreSSL 2.7.4 was not that it didn't support tls10,
but that MEDIUM and HIGH cipher definitions were different from the
openssl version of testproxy, hence tests were failing due to no shared
ciphers
2020-04-05 21:52:02 +03:00