forked from yrutschle/sslh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sslhconf.cfg
208 lines (198 loc) · 7.88 KB
/
sslhconf.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
# This is a configuration file for the configuration
# generator: it is used by
# conf2struct(http://www.rutschle.net/tech/conf2struct/README.html)
# to generate the config file and command line parser in
# sslh-conf.c
header: "sslh-conf.h";
parser: "sslh-conf.c";
printer: true;
conffile_option: ("F", "conffile");
# List of includes to define runtime types
# (bug in libconfig? if swallows the brackets if they start
# the string)
includes: (
"probe.h",
" <sys/types.h>",
" <sys/socket.h>",
" <netdb.h>"
);
config: {
name : "sslhcfg",
type: "list",
items: (
{ name: "verbose"; type: "int"; default: 0; short: "v"; },
{ name: "foreground"; type: "bool"; default: false;
short: "f";
description: "Run in foreground instead of as a daemon"; },
{ name: "inetd"; type: "bool"; default: false;
short: "i";
description: "Run in inetd mode: use stdin/stdout instead of network listen"; },
{ name: "numeric"; type: "bool"; default: false;
short: "n";
description: "Print IP addresses and ports as numbers"; },
{ name: "transparent"; type: "bool"; default: false;
description: "Set up as a transparent proxy"; },
{ name: "timeout"; type: "int"; default: 5;
short: "t";
description: "Set up timeout before connecting to default target"; },
{ name: "user"; type: "string"; optional: true;
short: "u";
description: "Username to change to after set-up"; },
{ name: "pidfile"; type: "string"; optional: true;
short: "P"; argdesc: "<file>";
description: "Path to file to store PID of current instance"; },
{ name: "chroot"; type: "string"; optional: true;
short: "C"; argdesc: "<path>";
description: "Root to change to after set-up"; },
{ name: "syslog_facility"; type: "string"; default: "auth";
description: "Facility to syslog to"; },
{ name: "on-timeout"; type: "string"; default: "ssh";
description: "Target to connect to when timing out"; },
{ name: "listen",
no_cl_accessors: true; # disable generation of individual cl options for each group element (we create a specific --listen option further below)
type: "list",
items: (
{ name: "host"; type: "string"; var: true; },
{ name: "port"; type: "string"; var: true; },
{ name: "keepalive"; type: "bool"; default: false; }
)
},
{ name: "protocols",
no_cl_accessors: true;
type: "list",
items: (
{ name: "name"; type: "string"; },
{ name: "host"; type: "string"; var: true; },
{ name: "port"; type: "string"; var: true; },
{ name: "service"; type: "string"; optional: true; },
{ name: "fork"; type: "bool"; default: false },
{ name: "tfo_ok"; type: "bool"; default: false;
description: "Set to true if this protocol supports TCP FAST OPEN" },
{ name: "log_level"; type: "int"; default: 1 },
{ name: "keepalive"; type: "bool"; default: false },
{ name: "sni_hostnames",
type: "array",
element_type: "string"
},
{ name: "alpn_protocols",
type: "array",
element_type: "string"
},
{ name: "regex_patterns",
type: "array",
element_type: "string"
},
{ name: "minlength"; type: "int"; optional: true },
# Runtime data
{ name: "probe"; type: "runtime"; c_type: "T_PROBE*" },
{ name: "saddr"; type: "runtime"; c_type: "struct addrinfo*" },
{ name: "data"; type: "runtime"; c_type: "void*" }
)
}
)
}
# Command line for list settings: additional options that
# can set up several settings at once. Each option will
# create a new group setting entry if required (with
# defaults set up)
# This only works with string targets
# This may not be the right abstraction at all and way too
# sslh-centric
cl_groups: (
{ name: "listen"; pattern: "(.+):(\w+)"; description: "Listen on host:port";
short: "p"; argdesc: "<host:port>";
list: "listen";
# no override, this just adds to the list (and thus can be specified several times)
targets: (
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
);
},
{ name: "ssh"; pattern: "(.+):(\w+)"; description: "Set up ssh target";
list: "protocols"; # List name that we're defining with this command line option
override: "name"; # Field in the group to override. If not found in list, add an item
# (it's mandatory to have that field as one of the targets
# below)
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "ssh" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" },
{ path: "fork"; value: 1 },
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "tls"; pattern: "(.+):(\w+)"; description: "Set up TLS/SSL target";
list: "protocols";
override: "name";
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "tls" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" },
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "openvpn"; pattern: "(.+):(\w+)"; description: "Set up OpenVPN target";
list: "protocols";
override: "name";
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "openvpn" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" },
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "tinc"; pattern: "(.+):(\w+)"; description: "Set up tinc target";
list: "protocols";
override: "name";
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "openvpn" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" },
{ path: "tfo_ok"; value: 1 }
);
},
{ name: "xmpp"; pattern: "(.+):(\w+)"; description: "Set up XMPP target";
list: "protocols";
override: "name";
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "xmpp" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
);
},
{ name: "http"; pattern: "(.+):(\w+)"; description: "Set up HTTP (plain) target";
list: "protocols";
override: "name";
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "http" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
);
},
{ name: "adb"; pattern: "(.+):(\w+)"; description: "Set up ADB (Android Debug) target";
list: "protocols";
override: "name";
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "adb" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
);
},
{ name: "socks5"; pattern: "(.+):(\w+)"; description: "Set up socks5 target";
list: "protocols";
override: "name";
argdesc: "<host:port>";
targets: (
{ path: "name"; value: "socks5" },
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
);
}
)