sslh: Add support for external config file

This allows users to use an external config file if required (for example matching packets based on SNI hostname or REGEX patterns). Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com> Signed-off-by: Mircea Horea IONICĂ <mionica@gmail.com>
2017-03-31 19:33:24 +01:00 · 2017-03-31 19:33:24 +01:00 · 727cb7e6e7
commit 727cb7e6e7
parent 16ac0e8205
4 changed files with 49 additions and 8 deletions
--- a/net/sslh/Makefile
+++ b/net/sslh/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=sslh
 PKG_VERSION:=v1.18
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://rutschle.net/tech/sslh/
@ -24,12 +24,14 @@ define Package/sslh
  CATEGORY:=Network
  SUBMENU:=Routing and Redirection
  TITLE:=SSL/SSH multiplexer
+  DEPENDS:=+libconfig +USE_UCLIBC:libpcre +USE_MUSL:libpcre
  URL:=http://rutschle.net/tech/sslh.shtml
  PKG_MAINTAINER:=Jonathan McCrohan <jmccrohan@gmail.com>
 endef

 define Package/sslh/conffiles
 /etc/config/sslh
+/etc/sslh.conf
 endef

 define Build/Compile
@ -37,10 +39,11 @@ define Build/Compile
 		CC="$(TARGET_CC)" \
 		CFLAGS="$(TARGET_CFLAGS)" \
 		LDFLAGS="$(TARGET_LDFLAGS)" \
-		ENABLE_REGEX= \
-		USELIBCONFIG= \
+		ENABLE_REGEX=1 \
+		USELIBCONFIG=1 \
 		USELIBWRAP= \
 		USELIBPCRE= \
+		$(if $(CONFIG_USE_GLIBC),USELIBPCRE=,USELIBPCRE=1)\
 		all
 endef

@ -51,6 +54,7 @@ define Package/sslh/install
 	$(INSTALL_BIN) files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) files/$(PKG_NAME).config $(1)/etc/config/$(PKG_NAME)
+	$(INSTALL_CONF) $(PKG_BUILD_DIR)/basic.cfg $(1)/etc/sslh.conf
 endef

 $(eval $(call BuildPackage,sslh))
--- a/net/sslh/files/sslh.config
+++ b/net/sslh/files/sslh.config
@ -28,3 +28,5 @@ config 'sslh' 'default'
 	# verbose defaults to off
 	# -v
 	option 'verbose' '0'
+	# use external config file
+	# option configfile '/etc/sslh.conf'
--- a/net/sslh/files/sslh.init
+++ b/net/sslh/files/sslh.init
@ -26,12 +26,12 @@ start_instance() {
 	config_get val "${section}" ssl
 	[ -n "${val}" ] && append args "--ssl ${val}"
 	# D) openvpn parameter
-        config_get val "${section}" openvpn
-        [ -n "${val}" ] && append args "--openvpn ${val}"
+	config_get val "${section}" openvpn
+	 [ -n "${val}" ] && append args "--openvpn ${val}"
 	# E) tinc parameter
-        config_get val "${section}" tinc
-        [ -n "${val}" ] && append args "--tinc ${val}"
-	# F) xmpp parameter
+	config_get val "${section}" tinc
+	 [ -n "${val}" ] && append args "--tinc ${val}"
+	 # F) xmpp parameter
 	config_get val "${section}" xmpp
 	[ -n "${val}" ] && append args "--xmpp ${val}"
 	# G) timeout (before a connection is considered to be SSH)
@ -41,6 +41,9 @@ start_instance() {
 	local verbosed
 	config_get_bool verbosed "${section}" verbose 0
 	[ "${verbosed}" -ne 0 ] && append args "-v"
+	 # I) sslh config file (cmd line args override file settings)
+	config_get val "${section}" configfile
+	[ -n "${val}" ] && append args "-F${val}"

 	# Defaults were removed for --user and --pidfile options
 	# in sslh 1.11; Define them here instead.
--- a/net/sslh/patches/002-configfile-fix.patch
+++ b/net/sslh/patches/002-configfile-fix.patch
@ -0,0 +1,32 @@
+diff --git a/basic.cfg b/basic.cfg
+index 54a799c..d938767 100644
+--- a/basic.cfg
+++ b/basic.cfg
+@@ -1,3 +1,7 @@
+# **** Attention OpenWRT/LEDE Users ****
+# sslh command line arguments override arguments defined in this
+# configuration file (UCI uses command line arguments)
+
+ # This is a basic configuration file that should provide
+ # sensible values for "standard" setup.
+ 
+@@ -14,15 +18,16 @@ pidfile: "/var/run/sslh.pid";
+ # Change hostname with your external address name.
+ listen:
+ (
+-    { host: "thelonious"; port: "443"; }
+    { host: "0.0.0.0"; port: "443"; },
+    { host: "[::]"; port: "443"; }
+ );
+ 
+ protocols:
+ (
+      { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; },
+      { name: "openvpn"; host: "localhost"; port: "1194"; },
+-     { name: "xmpp"; host: "localhost"; port: "5222"; },
+-     { name: "http"; host: "localhost"; port: "80"; },
+#    { name: "xmpp"; host: "localhost"; port: "5222"; },
+#    { name: "http"; host: "localhost"; port: "80"; },
+      { name: "ssl"; host: "localhost"; port: "443"; log_level: 0; },
+      { name: "anyprot"; host: "localhost"; port: "443"; }
+ );