[sslh] plug in =)

Yves Rutschle yves at naryves.com
Fri Feb 24 16:27:26 CET 2012


On Fri, Feb 24, 2012 at 03:33:15PM +0100, Régis A. Despres wrote:
> Before I deep more in the code, would it be easy to include a
> configuration file listing the protocols & their trigger.

I see two ways to do it:

- linked libraries. I don't really want to go that way, that'd be complicated,
heavy and not very useful

- configuring something similar to regular expressions tested on the first
packet:

ssh: ^SSH-
tinc: ^0 
openvpn: \x00[\x0D-\xFF]

That could be done, but I'm worried we'll hit protocols that can't easily fit
in a regular expression. The OpenVPN probe is already borderline as it should
depend on the length of the packet.

Or did you have something else in mind?

However:

> The main goal of this : easing tests in order to add more protocols.

This really is very easy. You only need to edit common.c,
add an entry to the protocols[] array which defines the
command line option name and the probe function to call,
then add a function that'll get the first packet as
parameter.

So if I want to add support for the foobar protocol, I add:

[... in protocols[]]
    { 0,         "foobar",        NULL,   {0}, is_foobar_protocol },
[...]
#include <string.h>

/* Probe: returns 1 if the first packet looks like foobar, 0 otherwise.
 * Check len first: the buffer holds only the first packet and is not
 * guaranteed to be NUL-terminated, so never compare more than len bytes. */
int is_foobar_protocol(const char *p, int len)
{
    if (len >= 7 && !strncmp(p, "foobar:", 7)) {
        return 1;
    }
    return 0;
}

(foobar packets contain the string 'foobar:', apparently).

then make and run:

make && ./sslh -v -f -p hostname:443 --ssh localhost:22 --foobar localhost:31415 --ssl localhost:443

Hence I'm not sure moving to an external file would be better: we'd lose the
flexibility of being able to do anything C can do, and not gain all that much
in terms of ease of development. 

Y.
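The approach described in the message above (a probe-function table consulted against the first packet), written out as an added, self-contained example; this is not sslh's own code and does not use its real protocols[] layout, which carries more fields than shown here. The names probe_first_packet, struct proto, is_ssh, is_tinc, is_openvpn and is_foobar are assumptions, and every sample packet is constructed. Each probe checks the length it was given before reading any byte, because the first packet can be short and is not guaranteed to be NUL-terminated; that is the one point a reviewer would insist on for any new probe added this way.

```c
#include <stdio.h>
#include <string.h>

/* Probe signature (assumed, modelled on the message above):
 * non-zero if the first packet looks like this protocol. */
typedef int (*probe_fn)(const char *p, int len);

/* Each probe guards on len before touching bytes, so a short or
 * non-NUL-terminated first packet can never cause an out-of-bounds read. */
static int is_ssh(const char *p, int len)       /* ^SSH- */
{
    return len >= 4 && memcmp(p, "SSH-", 4) == 0;
}

static int is_tinc(const char *p, int len)      /* ^0 (zero, space) */
{
    return len >= 2 && memcmp(p, "0 ", 2) == 0;
}

/* \x00[\x0D-\xFF]: leading 0x00 followed by a byte in 0x0D..0xFF.
 * The message calls this probe borderline; here it at least requires
 * both bytes to be present before inspecting them. */
static int is_openvpn(const char *p, int len)
{
    return len >= 2 && p[0] == 0x00 && (unsigned char)p[1] >= 0x0D;
}

static int is_foobar(const char *p, int len)    /* ^foobar: */
{
    return len >= 7 && memcmp(p, "foobar:", 7) == 0;
}

/* Simplified stand-in for an sslh protocols[] entry (assumed layout). */
struct proto {
    const char *name;
    probe_fn    probe;
};

static const struct proto protocols[] = {
    { "ssh",     is_ssh     },
    { "tinc",    is_tinc    },
    { "openvpn", is_openvpn },
    { "foobar",  is_foobar  },
};

/* Returns the name of the first matching protocol, or NULL if nothing
 * matched. Probes run in table order, so order matters when two probes
 * could both accept a packet. */
const char *probe_first_packet(const char *p, int len)
{
    size_t n = sizeof protocols / sizeof protocols[0];
    for (size_t i = 0; i < n; i++) {
        if (protocols[i].probe(p, len))
            return protocols[i].name;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample first packets; none were captured from a real host. */
    struct { const char *label; const char *data; int len; } samples[] = {
        { "ssh banner",       "SSH-2.0-OpenSSH_8.9\r\n", 21 },
        { "tinc",             "0 host 17.2\n",           12 },
        { "openvpn",          "\x00\x0e\x38\x2a",         4 },
        { "foobar",           "foobar:hello",            12 },
        { "truncated foobar", "foo",                      3 },
        { "tls client hello", "\x16\x03\x01",             3 },
    };
    size_t n = sizeof samples / sizeof samples[0];
    for (size_t i = 0; i < n; i++) {
        const char *hit = probe_first_packet(samples[i].data, samples[i].len);
        printf("%-18s -> %s\n", samples[i].label, hit ? hit : "(no match)");
    }
    return 0;
}
```

The "truncated foobar" and "tls client hello" cases are the ones worth keeping in a test when a probe is added: the first shows that a short packet falls through to "no match" instead of being read past its end, and the second shows that an unrecognised protocol is reported as such rather than accidentally matched by a probe with a loose prefix.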


