[sslh] libevent port?

ondra+sslh at mistotebe.net ondra+sslh at mistotebe.net
Fri Sep 13 15:20:22 CEST 2013


Hi,
I've recently started using sslh in my network and have been wondering
whether you'd be interested in me porting sslh to libevent. I've been
building a libevent based reverse proxy (mistotebe/skeeter on github)
and adapting it to sslh should be quite easy.

Doing this, I reckon both the -fork and -select based backends could
eventually be superseded with a single binary that could handle the
connections in its event loop or fork depending on configuration. This
would allow some nifty features as well, like forking only for ssh (for
which the SSHd usually forks anyway so the overhead would not be that
high) and keeping the others in process.

Do you maintain a TODO list for sslh anywhere? If you do, here are a few
ponies I've collected since starting to use it:
- harden the probes to work with arbitrary ingress data (some probes
  use strstr and similar)
- make hostname resolution in logs optional (limiting sslh visibility
  and latency)
- have certain services available only from specified subnets
- have probes annotated with minimum amounts of data needed to make a
  decision and/or let them return "cannot decide yet"

What do you think, is this worth pursuing/would you accept an
implementation if I provided one? What about making sslh compilable as
a skeeter loadable module (when/if skeeter grows loadable module
support)?

Cheers,
Ondra

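The two probe-related wishlist items above (bounded matching on raw ingress data, and probes that can answer "cannot decide yet" given a declared minimum length) are illustrated by the following C example. It is added here for discussion and is not sslh's own code: the result codes, the probe table, the probe names and the simplified protocol checks (SSH banner prefix, HTTP method token, TLS record header) are assumptions made for the example, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not sslh's own code. Probes only ever read the bytes
 * actually received (no strstr on a buffer that may lack a NUL, no match
 * on data past the protocol's own header) and may report "need more". */
enum probe_result {
    PROBE_NEXT,   /* not this protocol, try the next probe         */
    PROBE_MATCH,  /* this protocol, route the connection           */
    PROBE_AGAIN   /* cannot decide yet, read more bytes and re-run */
};

/* The fragile pattern: strstr assumes a NUL terminator (an over-read on
 * raw network data) and matches "SSH-" anywhere, so an HTTP request whose
 * path contains "SSH-" is mistaken for SSH. Only safe here because the
 * constructed sample is a NUL-terminated string literal. */
enum probe_result probe_ssh_naive(const char *s)
{
    return strstr(s, "SSH-") != NULL ? PROBE_MATCH : PROBE_NEXT;
}

/* Compare an expected prefix against at most len bytes: MATCH when all of
 * it is present, AGAIN when the bytes seen so far agree but the buffer is
 * shorter than the prefix, NEXT on the first mismatch. */
static enum probe_result match_prefix(const unsigned char *buf, size_t len,
                                      const char *prefix, size_t plen)
{
    size_t n = len < plen ? len : plen;
    if (memcmp(buf, prefix, n) != 0)
        return PROBE_NEXT;
    return len < plen ? PROBE_AGAIN : PROBE_MATCH;
}

/* SSH: the client identification string starts with "SSH-" (RFC 4253). */
static enum probe_result probe_ssh(const unsigned char *buf, size_t len)
{
    return match_prefix(buf, len, "SSH-", 4);
}

/* HTTP: a request line starts with a method token followed by a space. */
static enum probe_result probe_http(const unsigned char *buf, size_t len)
{
    static const char *const methods[] = {
        "GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS ", "CONNECT "
    };
    enum probe_result best = PROBE_NEXT;
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++) {
        enum probe_result r = match_prefix(buf, len, methods[i], strlen(methods[i]));
        if (r == PROBE_MATCH) return PROBE_MATCH;
        if (r == PROBE_AGAIN) best = PROBE_AGAIN;
    }
    return best;
}

/* TLS: a ClientHello record header is 0x16 (handshake), 0x03, minor 0x00..0x03. */
static enum probe_result probe_tls(const unsigned char *buf, size_t len)
{
    if (len >= 1 && buf[0] != 0x16) return PROBE_NEXT;
    if (len >= 2 && buf[1] != 0x03) return PROBE_NEXT;
    if (len >= 3 && buf[2] > 0x03)  return PROBE_NEXT;
    return len < 3 ? PROBE_AGAIN : PROBE_MATCH;
}

/* Each probe declares the minimum number of bytes it needs before it can
 * possibly match; the dispatcher does not even call it before then. */
struct probe {
    const char *name;
    size_t min_len;
    enum probe_result (*fn)(const unsigned char *, size_t);
};

static const struct probe probes[] = {
    { "ssh",  4, probe_ssh  },
    { "http", 4, probe_http },   /* shortest method tokens: "GET ", "PUT " */
    { "tls",  3, probe_tls  },
};

/* Run the probe table over the bytes received so far. Returns the name of
 * the matched protocol, "again" while some probe still needs more data, or
 * "default" once every probe has ruled itself out. */
const char *classify(const unsigned char *buf, size_t len)
{
    int undecided = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        enum probe_result r = len < probes[i].min_len
                              ? PROBE_AGAIN : probes[i].fn(buf, len);
        if (r == PROBE_MATCH) return probes[i].name;
        if (r == PROBE_AGAIN) undecided = 1;
    }
    return undecided ? "again" : "default";
}

int main(void)
{
    /* Constructed samples: an HTTP request smuggling "SSH-" in its path,
     * and a partial 2-byte read that no probe should decide on yet. */
    const char *http = "GET /?q=SSH-2.0 HTTP/1.1\r\n";
    printf("naive strstr probe on HTTP request: %s\n",
           probe_ssh_naive(http) == PROBE_MATCH ? "SSH (wrong)" : "not SSH");
    printf("bounded probes on HTTP request:     %s\n",
           classify((const unsigned char *)http, strlen(http)));
    printf("bounded probes on 2-byte read:      %s\n",
           classify((const unsigned char *)"SS", 2));
    return 0;
}
```

The point of the "again" state is that the dispatcher can keep reading instead of falling through to the default (typically sshd) on a short first read; a real implementation would cap how long it waits, as the existing timeout-to-ssh behaviour does.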