From 499f3ac44bbf40db924459030c33c35a0d0c2beb Mon Sep 17 00:00:00 2001 From: Gabor Seljan Date: Sun, 24 May 2020 18:58:37 +0200 Subject: [PATCH 1/5] sslh: add transparent proxy support Signed-off-by: Gabor Seljan --- net/sslh/files/sslh.config | 3 +++ net/sslh/files/sslh.init | 3 +++ 2 files changed, 6 insertions(+) diff --git a/net/sslh/files/sslh.config b/net/sslh/files/sslh.config index b9e047dc6..c5f832cdf 100644 --- a/net/sslh/files/sslh.config +++ b/net/sslh/files/sslh.config @@ -28,5 +28,8 @@ config 'sslh' 'default' # verbose defaults to off # -v option 'verbose' '0' + # transparent defaults to false + # --transparent + option 'transparent' '0' # use external config file # option configfile '/etc/sslh.conf' diff --git a/net/sslh/files/sslh.init b/net/sslh/files/sslh.init index 6e71a5394..401beb689 100644 --- a/net/sslh/files/sslh.init +++ b/net/sslh/files/sslh.init @@ -47,6 +47,9 @@ start_instance() { # J) http parameter config_get val "${section}" http [ -n "${val}" ] && append args "--http ${val}" + # K) transparent parameter + config_get_bool val "${section}" transparent 0 + [ "${val}" -ne 0 ] && append args "--transparent" # Defaults were removed for --user and --pidfile options # in sslh 1.11; Define them here instead. From 888c580605be2c9aeb9d89af14a74eea4ee91b7f Mon Sep 17 00:00:00 2001 From: Gabor Seljan Date: Mon, 25 May 2020 17:25:29 +0200 Subject: [PATCH 2/5] sslh: bump package release Signed-off-by: Gabor Seljan --- net/sslh/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sslh/Makefile b/net/sslh/Makefile index 8ce761b38..e141f99da 100644 --- a/net/sslh/Makefile +++ b/net/sslh/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sslh PKG_VERSION:=v1.20 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://rutschle.net/tech/sslh/ From 4950a3779750bbafe568e8271da5e6e781ed3310 Mon Sep 17 00:00:00 2001 
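Review bot: The comment added above `option 'transparent' '0'` in sslh.config states only the default and does not say that the option needs more than the flag. sslh's transparent mode relies on packet-marking and policy-routing rules on the host, and nothing visible in this patch installs them, so setting the option to 1 alone will probably leave the backends unreachable. I would extend the comment, for example `# needs matching firewall and policy-routing rules, see the upstream sslh documentation`.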
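Review bot: The added `append args "--transparent"` in sslh.init makes the flag reachable from UCI in patch 1/5, but the build only gains `USELIBCAP=1` in patch 4/5. The context comment just below the added lines says the script supplies `--user` itself, so at this point in the series sslh presumably drops to an unprivileged user without being able to keep the capability that transparent mode needs. Moving the capabilities patch ahead of this one, or folding the two together, would keep every commit in the series working on its own. The body of start_instance continues outside the hunk.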
From: Gabor Seljan Date: Sun, 24 May 2020 17:51:47 +0200 Subject: [PATCH 3/5] sslh: add http probe config Signed-off-by: Gabor Seljan --- net/sslh/files/sslh.config | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/sslh/files/sslh.config b/net/sslh/files/sslh.config index c5f832cdf..cbd767a45 100644 --- a/net/sslh/files/sslh.config +++ b/net/sslh/files/sslh.config @@ -10,6 +10,9 @@ config 'sslh' 'default' # ssh defaults to 'localhost:22' # --ssh : option 'ssh' '' + # http defaults to 'localhost:80' + # --http : + option 'http' '' # ssl defaults to 'localhost:443' # --ssl : option 'ssl' '' From f3aaffdd6f4214c01e97601ed0a1baafaae1d48b Mon Sep 17 00:00:00 2001 From: Gabor Seljan Date: Sun, 24 May 2020 18:57:15 +0200 Subject: [PATCH 4/5] sslh: add capabilities support Compile with USELIBCAP=1 to make use of POSIX capabilities. This will save the required capabilities needed for transparent proxying for unprivileged processes. Signed-off-by: Gabor Seljan --- net/sslh/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sslh/Makefile b/net/sslh/Makefile index e141f99da..5df307a91 100644 --- a/net/sslh/Makefile +++ b/net/sslh/Makefile @@ -26,7 +26,7 @@ define Package/sslh CATEGORY:=Network SUBMENU:=Routing and Redirection TITLE:=SSL/SSH multiplexer - DEPENDS:=+libconfig +USE_UCLIBC:libpcre +USE_MUSL:libpcre + DEPENDS:=+libconfig +libcap +USE_UCLIBC:libpcre +USE_MUSL:libpcre URL:=https://rutschle.net/tech/sslh/README.html endef @@ -36,6 +36,7 @@ define Package/sslh/conffiles endef MAKE_FLAGS += \ + USELIBCAP=1 \ $(if $(CONFIG_USE_GLIBC),USELIBPCRE=,USELIBPCRE=1) define Package/sslh/install From 46c253dfcaba4ee9cb8299d3c895e399bf282bb8 Mon Sep 17 00:00:00 2001 From: Gabor Seljan Date: Sun, 24 May 2020 17:44:25 +0200 Subject: [PATCH 5/5] sslh: use tls option instead of deprecated ssl Upstream will drop support for the ssl option in the next future version. 
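Review bot: `+libcap` in DEPENDS and `USELIBCAP=1` in MAKE_FLAGS (the two hunks of patch 4/5) are unconditional, so every sslh install now pulls in libcap although `transparent` defaults to 0. It is worth confirming that upstream retains the capability after the privilege drop only when `--transparent` is given, so that the default configuration does not run with more privilege than before. If the dependency is meant to be mandatory, a comment above the flag would record why, for example `# keep the capability needed by --transparent after dropping to the unprivileged user`.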
Signed-off-by: Gabor Seljan --- net/sslh/files/sslh.config | 6 +++--- net/sslh/files/sslh.init | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/net/sslh/files/sslh.config b/net/sslh/files/sslh.config index cbd767a45..242c46ced 100644 --- a/net/sslh/files/sslh.config +++ b/net/sslh/files/sslh.config @@ -13,9 +13,9 @@ config 'sslh' 'default' # http defaults to 'localhost:80' # --http : option 'http' '' - # ssl defaults to 'localhost:443' - # --ssl : - option 'ssl' '' + # tls defaults to 'localhost:443' + # --tls : + option 'tls' '' # openvpn defaults to 'localhost:1194' # --openvpn : option 'openvpn' '' diff --git a/net/sslh/files/sslh.init b/net/sslh/files/sslh.init index 401beb689..8d7d1f185 100644 --- a/net/sslh/files/sslh.init +++ b/net/sslh/files/sslh.init @@ -22,9 +22,9 @@ start_instance() { # B) ssh parameter config_get val "${section}" ssh [ -n "${val}" ] && append args "--ssh ${val}" - # C) ssl parameter - config_get val "${section}" ssl - [ -n "${val}" ] && append args "--ssl ${val}" + # C) tls parameter + config_get val "${section}" tls + [ -n "${val}" ] && append args "--tls ${val}" # D) openvpn parameter config_get val "${section}" openvpn [ -n "${val}" ] && append args "--openvpn ${val}"
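Review bot: An existing /etc/config/sslh that still sets `option ssl` is ignored without any message after this change, because the sslh.init hunk makes start_instance read only `tls`. The Makefile context in patch 4/5 shows a `Package/sslh/conffiles` section, so the old config file presumably survives upgrades. Going by the comment in sslh.config, the daemon would then use its default of localhost:443 instead of the backend the administrator chose. A fallback keeps old configs working: after `config_get val "${section}" tls` add `[ -n "${val}" ] || config_get val "${section}" ssl`. The body of start_instance continues outside the hunk.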