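# This is a configuration file for the configuration
# generator: it is used by
# conf2struct(http://www.rutschle.net/tech/conf2struct/README.html)
# to generate the config file and command line parser in
# sslh-conf.c
#
# Every entry under config.items becomes a config-file setting and,
# unless no_cl_accessors is set on its group, a command line option;
# its "description" string is what the generated help text prints.
header: "sslh-conf.h";
parser: "sslh-conf.c";
printer: true;
conffile_option: ("F", "config");

# List of includes to define runtime types
# (bug in libconfig? it swallows the brackets if they start
# the string, hence the leading space before the <...> names)
includes: (
    "probe.h",
    " <sys/types.h>",
    " <sys/socket.h>",
    " <netdb.h>"
);

config: {
    name : "sslhcfg",
    type: "list",
    items: (
        # Log verbosity, one setting per message class. The *-error
        # classes default to 3, the informational ones to 0; a new
        # class should follow the same split so that failures are
        # reported out of the box and chatter is opt-in. (The exact
        # meaning of the numeric level is defined by the logging code,
        # not here -- confirm before documenting it to users.)
        { name: "verbose-config"; type: "int"; default: 0;
            description: "Print configuration at startup" },
        { name: "verbose-config-error"; type: "int"; default: 3;
            description: "Print configuration errors" },
        { name: "verbose-connections"; type: "int"; default: 3;
            description: "Trace established incoming address to forward address" },
        # "-try" (default 0, like the other informational classes) is
        # the attempt trace; "-error" (default 3, like the other error
        # classes) is the failures. The two descriptions previously read
        # the other way round, which mislabelled the generated help.
        { name: "verbose-connections-try"; type: "int"; default: 0;
            description: "Connection attempts towards targets" },
        { name: "verbose-connections-error"; type: "int"; default: 3;
            description: "Connection errors" },
        { name: "verbose-fd"; type: "int"; default: 0;
            description: "File descriptor activity, open/close/whatnot" },
        # Hexdumps include client payload; leave at 0 outside of
        # debugging sessions so connection contents do not end up in logs.
        { name: "verbose-packets"; type: "int"; default: 0;
            description: "Hexdump packets on which probing is done" },
        { name: "verbose-probe-info"; type: "int"; default: 0;
            description: "Trace the probe process" },
        { name: "verbose-probe-error"; type: "int"; default: 3;
            description: "Failures and problems during probing" },
        { name: "verbose-system-error"; type: "int"; default: 3;
            description: "System call failures" },
        { name: "verbose-int-error"; type: "int"; default: 3;
            description: "Internal errors that should never happen" },

        { name: "version"; type: "bool"; default: false;
            short: "V";
            description: "Print version information and exit"; },
        { name: "foreground"; type: "bool"; default: false;
            short: "f";
            description: "Run in foreground instead of as a daemon"; },
        { name: "inetd"; type: "bool"; default: false;
            short: "i";
            description: "Run in inetd mode: use stdin/stdout instead of network listen"; },
        { name: "numeric"; type: "bool"; default: false;
            short: "n";
            description: "Print IP addresses and ports as numbers"; },
        # Global transparent-proxy switch; the per-protocol "transparent"
        # flag below enables it for a single target. Transparent mode
        # relies on extra network set-up outside this file (see the
        # sslh documentation) -- confirm it is configured before enabling.
        { name: "transparent"; type: "bool"; default: false;
            description: "Set up as a transparent proxy"; },
        # Seconds a silent client is given before being handed to the
        # "on-timeout" target (default target "ssh" below).
        { name: "timeout"; type: "int"; default: 5;
            short: "t";
            description: "Set up timeout before connecting to default target"; },
        { name: "udp_max_connections"; type: "int"; default: 1024;
            description: "Number of concurrent UDP connections"; },
        # Privilege-drop settings. Both are described as applying
        # "after set-up"; run with an unprivileged "user" whenever the
        # deployment allows it. "chroot" requires everything the probes
        # and resolver need to be available under the new root.
        { name: "user"; type: "string"; optional: true;
            short: "u";
            description: "Username to change to after set-up"; },
        # The pidfile is written by the instance itself, so the path
        # should be in a directory only the service account can write.
        { name: "pidfile"; type: "string"; optional: true;
            short: "P"; argdesc: "<file>";
            description: "Path to file to store PID of current instance"; },
        { name: "chroot"; type: "string"; optional: true;
            short: "C"; argdesc: "<path>";
            description: "Root to change to after set-up"; },
        { name: "syslog_facility"; type: "string"; default: "auth";
            description: "Facility to syslog to"; },
        { name: "logfile"; type: "string"; optional: true;
            description: "Log messages to a file" },
        { name: "on-timeout"; type: "string"; default: "ssh";
            description: "Target to connect to when timing out"; },
        { name: "prefix"; type: "string"; default: ""; description: "Reserved for testing" }, # For echosrv only, not sslh

        { name: "listen",
            no_cl_accessors: true; # disable generation of individual cl options for each group element (we create a specific --listen option further below)
            type: "list",
            items: (
                { name: "host"; type: "string"; var: true; },
                { name: "port"; type: "string"; var: true; },
                { name: "is_udp"; type: "bool"; default: false },
                { name: "keepalive"; type: "bool"; default: false; }
            )
        },

        { name: "protocols",
            no_cl_accessors: true;
            type: "list",
            items: (
                { name: "name"; type: "string"; },
                { name: "host"; type: "string"; var: true; },
                { name: "port"; type: "string"; var: true; },
                { name: "service"; type: "string"; optional: true; },
                { name: "is_udp"; type: "bool"; default: false },
                { name: "udp_timeout"; type: "int"; default: 60 },
                { name: "fork"; type: "bool"; default: false },
                { name: "tfo_ok"; type: "bool"; default: false;
                    description: "Set to true if this protocol supports TCP FAST OPEN" },
                { name: "transparent"; type: "bool"; default: false;
                    description: "Set to proxy this protocol transparently" },
                # Re-resolving per connection costs a DNS lookup on every
                # accept and makes routing depend on the resolver at run
                # time; leave off unless the target address really changes.
                { name: "resolve_on_forward"; type: "bool"; default: false;
                    description: "Set to true if server address should be resolved on (every) newly incoming connection (again)" },
                { name: "log_level"; type: "int"; default: 1 },
                { name: "keepalive"; type: "bool"; default: false },
                # Probe selectors. sni_hostnames and alpn_protocols are
                # compared against values the client presents in its TLS
                # handshake; regex_patterns are applied to the probed
                # client data (per sslh's probe code -- confirm). Keep
                # regexes anchored and simple: an over-broad pattern
                # misroutes traffic, and a pattern with heavy backtracking
                # lets a client burn CPU with a crafted first packet.
                { name: "sni_hostnames",
                    type: "array",
                    element_type: "string"
                },
                { name: "alpn_protocols",
                    type: "array",
                    element_type: "string"
                },
                { name: "regex_patterns",
                    type: "array",
                    element_type: "string"
                },
                { name: "minlength"; type: "int"; optional: true },

                # Runtime data: filled in by sslh, never read from the
                # config file (type "runtime" has no config-file syntax).
                { name: "probe"; type: "runtime"; c_type: "T_PROBE*" },
                { name: "saddr"; type: "runtime"; c_type: "struct addrinfo*" },
                { name: "data"; type: "runtime"; c_type: "void*" },
                { name: "timeouts"; type: "runtime"; c_type: "dl_list" }
            )
        }
    )
}

# Command line for list settings: additional options that
# can set up several settings at once. Each option will
# create a new group setting entry if required (with
# defaults set up).
# The "$n" substitutions only work with string targets.
# This may not be the right abstraction at all and is far too
# sslh-centric.
#
# All protocol groups share the same "host:port" pattern; "$1" is
# the host, "$2" the port. The "override" field selects the
# existing protocols entry to update by name, so "--ssh a:b" given
# twice replaces rather than duplicates.
cl_groups: (
    { name: "listen"; pattern: "(.+):(\w+)"; description: "Listen on host:port";
        short: "p"; argdesc: "<host:port>";
        list: "listen";
        # no override, this just adds to the list (and thus can be specified several times)
        targets: (
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" }
        );
    },
    { name: "ssh"; pattern: "(.+):(\w+)"; description: "Set up ssh target";
        list: "protocols"; # List name that we're defining with this command line option
        override: "name"; # Field in the group to override. If not found in the list, add an item
                          # (it is mandatory to have that field as one of the targets
                          # below)
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "ssh" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "fork"; value: 1 },
            { path: "log_level"; value: 1 },
            { path: "tfo_ok"; value: 1 }
        );
    },
    { name: "tls"; pattern: "(.+):(\w+)"; description: "Set up TLS/SSL target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "tls" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 },
            { path: "tfo_ok"; value: 1 }
        );
    },
    { name: "openvpn"; pattern: "(.+):(\w+)"; description: "Set up OpenVPN target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "openvpn" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 },
            { path: "tfo_ok"; value: 1 }
        );
    },
    { name: "tinc"; pattern: "(.+):(\w+)"; description: "Set up tinc target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "tinc" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 },
            { path: "tfo_ok"; value: 1 }
        );
    },
    { name: "xmpp"; pattern: "(.+):(\w+)"; description: "Set up XMPP target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "xmpp" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 }
        );
    },
    { name: "http"; pattern: "(.+):(\w+)"; description: "Set up HTTP (plain) target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "http" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 }
        );
    },
    { name: "adb"; pattern: "(.+):(\w+)"; description: "Set up ADB (Android Debug) target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "adb" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 }
        );
    },
    { name: "socks5"; pattern: "(.+):(\w+)"; description: "Set up socks5 target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "socks5" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 }
        );
    },
    { name: "syslog"; pattern: "(.+):(\w+)"; description: "Set up syslog target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "syslog" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 }
        );
    },
    # Catch-all target used when no probe matches; anything that is
    # not recognised ends up here, so point it at a service that can
    # safely receive arbitrary client bytes.
    { name: "anyprot"; pattern: "(.+):(\w+)"; description: "Set up default target";
        list: "protocols";
        override: "name";
        argdesc: "<host:port>";
        targets: (
            { path: "name"; value: "anyprot" },
            { path: "host"; value: "$1" },
            { path: "port"; value: "$2" },
            { path: "log_level"; value: 1 }
        );
    }
)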