Date: Sat, 1 Jan 2022 16:47:21 +0000
From: "Olaf Seibert"
Subject: CVS commit: pkgsrc/net/sslh
To: pkgsrc-changes@NetBSD.org
Reply-To: rhialto@netbsd.org
Message-Id: <20220101164721.3FDACFAEC@cvs.NetBSD.org>

Module Name:	pkgsrc
Committed By:	rhialto
Date:		Sat Jan 1 16:47:21 UTC 2022

Modified Files:
	pkgsrc/net/sslh: Makefile distinfo
	pkgsrc/net/sslh/patches: patch-common.h patch-echosrv.c patch-sslh-select.c

Log Message:
net/sslh: update to 1.22c

- sslh-select now supports UDP protocols. Probes specified in the protocols
  configuration entry are tried on incoming packets, TCP or UDP, and forwarded
  based on the input protocol (an incoming TCP connection will be forwarded as
  TCP, and same with UDP). This has been tested with DNS as shown in udp.cfg:
  incoming packets that contain my domain name are assumed to be a DNS request
  and forwarded accordingly. Note this could cause problems if combined with
  incoming TLS with SNI.
  UDP clients and servers need to agree on the IPv4/IPv6 they use: use the same
  protocol on all sides! Often, this means explicitly using `ip4-localhost'.
  UDP sender-receiver pairs (connections, so to speak) are kept for 60s, which
  can be changed with udp_timeout in the configuration.
- Added probes for UDP protocols QUICK and Teamspeak.
- Added probes for syslog protocol.
- sslh-select refactored to change linear searches through connections to
  linear searches through fd_set.
- Fixed a libconfig call to support libconfig 1.7.3.
- Added symbol to support libconfig 1.4.9, still in use in CentOS7.
- Warn about unknown settings in the configuration file.
- Added per-protocol transparent option. sslh-fork drops the capability after
  creating the server-side transparent socket.
  Transparent now uses CAP_NET_RAW instead of CAP_NET_ADMIN.
- Removed compile-time option to use POSIX regex. Now regex must be PCRE2
  (Perl-Compatible). This was in fact the case since v1.21, as PCRE are used
  to parse the config file.

To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/sslh/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/sslh/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/sslh/patches/patch-common.h \
    pkgsrc/net/sslh/patches/patch-echosrv.c
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/sslh/patches/patch-sslh-select.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: pkgsrc/net/sslh/Makefile diff -u pkgsrc/net/sslh/Makefile:1.15 pkgsrc/net/sslh/Makefile:1.16 --- pkgsrc/net/sslh/Makefile:1.15 Sun Jun 13 12:04:21 2021 +++ pkgsrc/net/sslh/Makefile Sat Jan 1 16:47:20 2022 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.15 2021/06/13 12:04:21 rhialto Exp $ +# $NetBSD: Makefile,v 1.16 2022/01/01 16:47:20 rhialto Exp $ -DISTNAME= sslh-1.21c +DISTNAME= sslh-1.22c CATEGORIES= net MASTER_SITES= ${MASTER_SITE_GITHUB:=yrutschle/} GITHUB_TAG= v${PKGVERSION_NOREV} @@ -40,6 +40,6 @@ do-install: .include "../../devel/libconfig/buildlink3.mk" .include "../../devel/libgetopt/buildlink3.mk" -.include "../../devel/pcre/buildlink3.mk" +.include "../../devel/pcre2/buildlink3.mk" .include "../../security/tcp_wrappers/buildlink3.mk" .include "../../mk/bsd.pkg.mk" Index: pkgsrc/net/sslh/distinfo diff -u pkgsrc/net/sslh/distinfo:1.13 pkgsrc/net/sslh/distinfo:1.14 --- pkgsrc/net/sslh/distinfo:1.13 Tue Oct 26 11:06:58 2021 +++ pkgsrc/net/sslh/distinfo Sat Jan 1 16:47:20 2022 
@@ -1,12 +1,9 @@ -$NetBSD: distinfo,v 1.13 2021/10/26 11:06:58 nia Exp $ +$NetBSD: distinfo,v 1.14 2022/01/01 16:47:20 rhialto Exp $ -BLAKE2s (sslh-1.21c.tar.gz) = f8a6a048eaf9fa88d79a39237bc6aaed761740c93fe03b935586389eee81d3e8 -SHA512 (sslh-1.21c.tar.gz) = 9446c6afe965684c5d6406ac8917338f57d95f8fbfacd7a51193dd5dbac77e1ed5e39eb8e2575e7025a8612b25e9fba7e64832a48c999f366875217b9328da22 -Size (sslh-1.21c.tar.gz) = 111895 bytes -SHA1 (patch-argtable3.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 +BLAKE2s (sslh-1.22c.tar.gz) = 81e3a9d77b7c0030e4cf8edf3344f3e4fd06736952939aa66c55b0d6aa0176e2 +SHA512 (sslh-1.22c.tar.gz) = f13560fbe74b5b08e9b360985d6afd27f2c7e157d220919162e354f3711b90f43bb81f9bda341fb21fef2651acd488f52e9a04dc2da28861540f579e7ca798c4 +Size (sslh-1.22c.tar.gz) = 146954 bytes SHA1 (patch-common.c) = e5aa0cc38e9c62a765400b08ed700e9d2f08f2db -SHA1 (patch-common.h) = 3e4cc77aeedf9fa4e94329dcf1c1c65099d3ae68 -SHA1 (patch-echosrv.c) = 611044fd7ed1fd52c44e2d8ff393091c35478e17 -SHA1 (patch-sslh-conf.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 -SHA1 (patch-sslh-main.c) = 059fd93a7412fc2ca38b29ae0c65783f4213e77c -SHA1 (patch-sslh-select.c) = d470e6dc803164fbdfa77ddc189cdb4dd7672bd4 +SHA1 (patch-common.h) = d89c6ce3f9a4f2b4b4c734adcafd0eed6abca84e +SHA1 (patch-echosrv.c) = 96832c2391ff63cd96efa8e65270be6845f4a306 +SHA1 (patch-sslh-select.c) = ea07bf85d6ccdcd3815d49bb0131439573152502 Index: pkgsrc/net/sslh/patches/patch-common.h diff -u pkgsrc/net/sslh/patches/patch-common.h:1.2 pkgsrc/net/sslh/patches/patch-common.h:1.3 --- pkgsrc/net/sslh/patches/patch-common.h:1.2 Sun Jun 13 12:04:21 2021 +++ pkgsrc/net/sslh/patches/patch-common.h Sat Jan 1 16:47:21 2022 
@@ -1,10 +1,10 @@ -$NetBSD: patch-common.h,v 1.2 2021/06/13 12:04:21 rhialto Exp $ +$NetBSD: patch-common.h,v 1.3 2022/01/01 16:47:21 rhialto Exp $ Avoid queue variable conflict. ---- common.h.orig 2020-07-30 07:45:50.000000000 +0000 +--- common.h.orig 2021-08-28 14:33:20.000000000 +0000 +++ common.h -@@ -85,7 +85,7 @@ enum connection_state { +@@ -88,7 +88,7 @@ enum connection_state { /* A 'queue' is composed of a file descriptor (which can be read from or * written to), and a queue for deferred write data */ 
@@ -13,27 +13,27 @@ Avoid queue variable conflict. int fd; void *begin_deferred_data; void *deferred_data; -@@ -100,7 +100,7 @@ struct connection { +@@ -106,7 +106,7 @@ struct connection { /* q[0]: queue for external connection (client); * q[1]: queue for internal connection (httpd or sshd); * */ - struct queue q[2]; + struct sslhqueue q[2]; - }; - #define FD_CNXCLOSED 0 -@@ -118,7 +118,7 @@ struct connection_desc { - /* common.c */ + /* SOCK_DGRAM */ + struct sockaddr client_addr; /* Contains the remote client address */ +@@ -148,7 +148,7 @@ typedef enum { void init_cnx(struct connection *cnx); - int connect_addr(struct connection *cnx, int fd_from); + int set_nonblock(int fd); + int connect_addr(struct connection *cnx, int fd_from, connect_blocking blocking); -int fd2fd(struct queue *target, struct queue *from); +int fd2fd(struct sslhqueue *target, struct sslhqueue *from); char* sprintaddr(char* buf, size_t size, struct addrinfo *a); void resolve_name(struct addrinfo **out, char* fullname); int get_connection_desc(struct connection_desc* desc, const struct connection *cnx); -@@ -135,8 +135,8 @@ int resolve_split_name(struct addrinfo * +@@ -166,8 +166,8 @@ int resolve_split_name(struct addrinfo * - int start_listen_sockets(int *sockfd[], struct addrinfo *addr_list); + int start_listen_sockets(struct listen_endpoint *sockfd[]); -int defer_write(struct queue *q, void* data, int data_size); -int flush_deferred(struct queue *q); Index: pkgsrc/net/sslh/patches/patch-echosrv.c diff -u pkgsrc/net/sslh/patches/patch-echosrv.c:1.2 pkgsrc/net/sslh/patches/patch-echosrv.c:1.3 --- pkgsrc/net/sslh/patches/patch-echosrv.c:1.2 Fri Nov 28 10:45:28 2014 +++ pkgsrc/net/sslh/patches/patch-echosrv.c Sat Jan 1 16:47:21 2022 
@@ -1,15 +1,17 @@ -$NetBSD: patch-echosrv.c,v 1.2 2014/11/28 10:45:28 bsiegert Exp $ +$NetBSD: patch-echosrv.c,v 1.2 2014/11/28 10:45:28 bsiegert Exp -* getopt_long_only does not exist on NetBSD getopt. +Provide allow_severity and deny_severity for libwrap. ---- echosrv.c.orig 2014-02-11 21:06:01.000000000 +0000 +--- echosrv.c.orig 2022-01-01 16:38:28.450058726 +0000 +++ echosrv.c -@@ -64,7 +64,7 @@ void parse_cmdline(int argc, char* argv[ - }; - struct addrinfo **a; +@@ -41,6 +41,10 @@ + #define SA_NOCLDWAIT 0 + #endif -- while ((c = getopt_long_only(argc, argv, "l:p:", options, NULL)) != -1) { -+ while ((c = getopt_long(argc, argv, "l:p:", options, NULL)) != -1) { - if (c == 0) continue; ++#ifdef LIBWRAP ++int allow_severity =0, deny_severity = 0; ++#endif ++ + struct echocfg_item cfg; - switch (c) { + void check_res_dump(int res, struct addrinfo *addr, char* syscall) Index: pkgsrc/net/sslh/patches/patch-sslh-select.c diff -u pkgsrc/net/sslh/patches/patch-sslh-select.c:1.1 pkgsrc/net/sslh/patches/patch-sslh-select.c:1.2 --- pkgsrc/net/sslh/patches/patch-sslh-select.c:1.1 Tue Aug 15 13:13:36 2017 +++ pkgsrc/net/sslh/patches/patch-sslh-select.c Sat Jan 1 16:47:21 2022 
@@ -1,25 +1,24 @@ -$NetBSD: patch-sslh-select.c,v 1.1 2017/08/15 13:13:36 jperkin Exp $ +$NetBSD: patch-sslh-select.c,v 1.2 2022/01/01 16:47:21 rhialto Exp $ Avoid queue variable conflict. ---- sslh-select.c.orig 2016-03-29 19:19:05.000000000 +0000 +--- sslh-select.c.orig 2021-08-28 14:33:20.000000000 +0000 +++ sslh-select.c -@@ -131,7 +131,7 @@ int accept_new_connection(int listen_soc - /* Connect queue 1 of connection to SSL; returns new file descriptor */ - int connect_queue(struct connection *cnx, fd_set *fds_r, fd_set *fds_w) +@@ -129,7 +129,7 @@ static struct connection* accept_new_con + static int connect_queue(struct connection* cnx, + struct select_info* fd_info) { - struct queue *q = &cnx->q[1]; + struct sslhqueue *q = &cnx->q[1]; - q->fd = connect_addr(cnx, cnx->q[0].fd); + q->fd = connect_addr(cnx, cnx->q[0].fd, NON_BLOCKING); if ((q->fd != -1) && fd_is_in_range(q->fd)) { -@@ -156,7 +156,8 @@ int connect_queue(struct connection *cnx - void shovel(struct connection *cnx, int active_fd, - fd_set *fds_r, fd_set *fds_w) +@@ -153,7 +153,7 @@ static int connect_queue(struct connecti + */ + static void shovel(struct connection *cnx, int active_fd, struct select_info* fd_info) { - struct queue *read_q, *write_q; + struct sslhqueue *read_q, *write_q; -+ read_q = &cnx->q[active_fd]; write_q = &cnx->q[1-active_fd]; --_----------=_1641055641207410--
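Review bot: the distinfo hunk drops the checksums for patch-argtable3.c, patch-sslh-conf.c and patch-sslh-main.c, but the commit's file list has no "Removed Files:" section, so those three files either still sit in pkgsrc/net/sslh/patches with no distinfo entry (and can no longer be verified at patch time) or are removed in a separate commit; the log message should say which. Two of the dropped entries (patch-argtable3.c and patch-sslh-conf.c) carry da39a3ee5e6b4b0d3255bfef95601890afd80709, which is the SHA1 of empty input, so they were already zero-length no-op patch files before this update.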
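Review bot: in the patch-common.h hunk, the patch comment "Avoid queue variable conflict" should name what `struct queue` collides with on NetBSD (the pkgsrc guide asks each patch file to state its reason), since the same terse line is now copied into patch-sslh-select.c and a future updater has nothing to go on. Also worth noting from the new context line `+ struct sockaddr client_addr; /* Contains the remote client address */`: a plain `struct sockaddr` is 16 bytes and cannot hold a `struct sockaddr_in6` (28 bytes), which fits the log message's warning that UDP peers must agree on IPv4 vs IPv6; whether the UDP receive path ever stores an IPv6 address there is not visible in this hunk, so this is something to raise upstream rather than patch locally.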
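Review bot: the new first line of patch-echosrv.c, `$NetBSD: patch-echosrv.c,v 1.2 2014/11/28 10:45:28 bsiegert Exp`, lost its closing `$`, so CVS will not expand the keyword and the file keeps a stale 1.2 id even though this commit makes it 1.3; it should be `$NetBSD$` like the other patches here (fixing it changes the file, so the distinfo SHA1 `96832c2391ff63cd96efa8e65270be6845f4a306` must be regenerated with it). The old getopt_long_only -> getopt_long fix is dropped without a word in the log message: confirm that 1.22c's echosrv.c no longer calls getopt_long_only (the new context around `struct echocfg_item cfg` suggests option parsing moved to generated code, but the call site is outside this hunk). Minor: `int allow_severity =0, deny_severity = 0;` has uneven spacing around the first `=`.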
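Review bot: the patch-sslh-select.c hunk renames `struct queue` to `struct sslhqueue` only inside connect_queue and shovel, while patch-common.h changes the type in the prototypes of fd2fd, defer_write and flush_deferred and the log message says sslh-select.c gained UDP handling in 1.22c; any other `struct queue` reference in the new code, and in common.c (whose patch-common.c checksum is untouched in distinfo), must already use the renamed type or the build fails, so a build log in the commit message would make this reviewable. Dropping the old patch's stray `+` blank line before `read_q = &cnx->q[active_fd];` is fine.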