[sslh] sslh on RedHat

Michael Lang Michael.Lang at chester.at
Thu Jan 3 09:23:25 CET 2013 

On 01/02/2013 04:25 PM, Yves Rutschle wrote:
> Hi Michael,
>
> On Wed, Jan 02, 2013 at 12:42:02PM +0100, Michael Lang wrote:
> [...]
>> * the Makefile should have $(DEST)$(PREFIX) to be able to "relocate"
>> the binaries within the build environment
>>     (for now, I've moved the "make install" to the SPEC file by doing
>> the same as you do in your Makefile::install
> I am not sure what you're trying to achieve: compiling in a
> different directory so the source directory remains
> untouched?

Yves,

i was meaning, to be able to "smootly" redirect the output of "make 
install" to a different directory, normally people use DESTDIR in their 
makefile like

<from sslh-1.14/Makefile>
# generic install: install binary and man page
install: sslh $(MAN)
     install -D sslh-fork $(PREFIX)/sbin/sslh
     install -D -m 0644 $(MAN) $(PREFIX)/share/man/man8/$(MAN)

# should be changed to
# generic install: install binary and man page
install: sslh $(MAN)
     install -D sslh-fork $(DESTDIR)$(PREFIX)/sbin/sslh
     install -D -m 0644 $(MAN) $(DESTDIR)$(PREFIX)/share/man/man8/$(MAN)

</Makefile>

with this modification it would be possible to do something like
$ make install DESTDIR=/tmp/buildroot



>
>> * examples for configuring openvpn + tinc + ssh + ssl ... if this is
>> possible. I haven't been able to enable all protocols at once
> There should be no obstacle, just specify them all...
> although I haven't tried it, and in fact I doubt anyone
> would have use for some combinations (e.g. openvpn and tinc,
> which I understand perform a similar function).
>
> What do you mean that you were not able to enable them? It
> crashed, or just didn't work for some protocols?
>   


I've tried enabling all protocols at once, but it ended up in matching 
the last one specified eq:

protocols:
(
      { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; 
probe: "builtin"; },
      { name: "tinc"; service: "tinc"; host: "localhost"; port: "655"; 
probe: "builtin"; },
      { name: "openvpn"; host: "localhost"; port: "1194"; probe: 
"builtin"; },
      { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
      { name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; }
);

would always end at localhost:443 if connecting with openvpn and or tinc

>> * examples for matching protocols
> There are a couple of regex matchings in example.cfg.

i've seen your probe settings in the example.cfg but I'm missing an 
explanation how to be able to see what I should be matching there... do 
you know what I mean ? I can understand that for example jabber will be 
in the plain-text protocol of xmpp but what matches can be done against 
encrypted packages ? and what to look at those packages ? (maybe you 
could explain how you figured out the openvpn regex ?)

thanks for your answers ...
sorry  if I wasn't clear in the first mail :)

regards
mIke

>
>> I've attached the spec file and the tarball containing packages for
>> EL5 and EL6 (can be used on CentOS to)
> Thanks; I'll add them to the Web page alongside the source.
>
> Cheers,
> Y.
>

More information about the sslh mailing list