[sslh] Fw: Converting sslh in a http/s - OpenVPN Multiplexer

Yves Rutschle yves at naryves.com
Tue May 31 10:18:48 CEST 2011


Hi,

There is something wrong with your e-mail software, I get a
glob of html and so do the mailing list archives (see below
and http://rutschle.net/pipermail/sslh/2011-May/000066.html).

I should have time to add this feature on Thursday, I'll
keep you posted.

Cheers,
Y.

On Tue, May 31, 2011 at 12:39:05AM +0200, oruff at swoopin.com wrote:
> Hello All,
>
> I'm facing an issue ... I can't fix alone.
> I'm forced to use a proprietary version of OpenVPN which doesn't handle the --port-share.
> I went through the source code of both sslh and OpenVPN but ... I'm definitely not a C developer (shame on me).
>
> OpenVPN uses the following logic to identify if the connexion is OpenVPN or http/s :
>
> /*
>  * Given either the first 2 or 3 bytes of an initial client -> server
>  * data payload, return true if the protocol is that of an OpenVPN
>  * client attempting to connect with an OpenVPN server.
>  */
> bool
> is_openvpn_protocol (const struct buffer *buf)
> {
>   const unsigned char *p = (const unsigned char *) BSTR (buf);
>   const int len = BLEN (buf);
>   if (len >= 3)
>     {
>       return p[0] == 0
>         && p[1] >= 14
>         && p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2<<P_OPCODE_SHIFT);
>     }
>   else if (len >= 2)
>     {
>       return p[0] == 0 && p[1] >= 14;
>     }
>   else
>     return true;
> }
>
> whereas, you are using to identify if the connexion is ssh or ssl:
>
> int client_sent_ssh_banner(struct connection *cnx) {
>     char buffer[BUFSIZ];
>     int n;
>
>     n = read(cnx->q[0].fd, buffer, sizeof(buffer));
>     defer_write(&cnx->q[1], buffer, n);
>     if (!strncmp(buffer, "SSH-", 4)) {
>         return 1;
>     }
>     return 0;
> }
>
> can you help me adapt sslh so that it can sit in front of both my http/s reverse proxy (100% closed source) and my OpenVPN (100% closed source) ?
>
> Thanks in advance for your help
>
> -------------------------------
> Olivier RUFF
> Swoop IN - Conseil en Informatique
> 58, rue Serpentine
> 78960 VOISINS LE BRETONNEUX
> S.A. au Capital de 42000 EUR - RCS Versailles B 421 738 923
> TVA : FR 94 421 738 923
>
> Mobile :
> Tel : +33 (0) 680 651 813
>
> Office :
> Fax : +33 (0) 130 482 138
>
> e-mail : oruff at swoopin.com

> _______________________________________________
> sslh mailing list
> sslh at rutschle.net
> http://rutschle.net/cgi-bin/mailman/listinfo/sslh
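
A sketch of the first-bytes classification the quoted request asks for, as an added example that is not part of the original thread and not sslh's or OpenVPN's own code. The function name, the enum and the numeric opcode values are assumptions (the constants are not shown in the thread), and the sample byte strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values, taken from OpenVPN's source; not shown in this thread. */
#define P_OPCODE_SHIFT 3
#define P_CONTROL_HARD_RESET_CLIENT_V2 7

enum proto { PROTO_NEED_MORE, PROTO_SSH, PROTO_OPENVPN, PROTO_OTHER };

/* Hypothetical helper: classify the bytes received so far from a client.
 * It takes an explicit length, so a short read yields PROTO_NEED_MORE
 * instead of a decision based on bytes that were never received. */
enum proto classify_first_bytes(const unsigned char *p, size_t len)
{
    if (len == 0)
        return PROTO_NEED_MORE;

    /* OpenVPN over TCP: 16-bit big-endian packet length, then opcode. */
    if (p[0] == 0) {
        if (len >= 2 && p[1] < 14)
            return PROTO_OTHER;          /* too short to be a hard reset */
        if (len < 3)
            return PROTO_NEED_MORE;      /* wait for the opcode byte */
        return p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT)
               ? PROTO_OPENVPN : PROTO_OTHER;
    }

    /* SSH banner: commit only once all four bytes have been seen. */
    if (p[0] == 'S') {
        size_t n = len < 4 ? len : 4;
        if (memcmp(p, "SSH-", n) != 0)
            return PROTO_OTHER;
        return len >= 4 ? PROTO_SSH : PROTO_NEED_MORE;
    }

    /* Anything else (TLS record type 0x16, an HTTP method) is left for
     * the http/s backend. */
    return PROTO_OTHER;
}

int main(void)
{
    /* Constructed samples: OpenVPN hard reset, SSH banner, TLS record. */
    const unsigned char vpn[] = { 0x00, 0x0e, 0x38 };
    const unsigned char ssh[] = "SSH-2.0-x";
    const unsigned char tls[] = { 0x16, 0x03, 0x01 };
    printf("%d %d %d\n", classify_first_bytes(vpn, 3),
           classify_first_bytes(ssh, 9), classify_first_bytes(tls, 3));
    return 0;
}
```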



