My setup
Makefile
# Release/version string. Recursive assignment: ./genver.sh -r is run each
# time $(VERSION) is expanded.
VERSION=$(shell ./genver.sh -r)
# Configuration -- you probably need to `make clean` if you
# change any of these
#
# NOTE(review): every switch below is tested further down with
# `ifneq ($(strip $(VAR)),)`, i.e. "is the value non-empty?". Any text --
# including `false` or `0` -- therefore turns the feature ON; only an empty
# value (for example `ENABLE_SANITIZER=` with nothing before the comment)
# turns it off.
#
# uncomment the following line to disable landlock
# NOTE(review): Landlock is a sandboxing layer for the running daemon;
# presumably it should stay enabled unless the target kernel lacks it.
# override undefine HAVE_LANDLOCK
# NOTE(review): `false` is non-empty, so this build IS compiled with the
# -fsanitize=... flags from CFLAGS_SAN. That matches the LeakSanitizer /
# AddressSanitizer report shown under "Error". Sanitizer runtimes are
# debugging aids, not hardening; an Internet-facing daemon is normally
# installed from a build made with this value left empty.
ENABLE_SANITIZER=false # Enable ASAN/LSAN/UBSAN
ENABLE_REGEX=1 # Enable regex probes
USELIBCONFIG=1 # Use libconfig? (necessary to use configuration files)
USELIBEV=1 # Use libev?
USESYSTEMD=1 # Make use of systemd socket activation
# NOTE(review): same trap as ENABLE_SANITIZER -- `false` is non-empty, so
# the coverage flags in CFLAGS_COV are added to this build as well.
COV_TEST=false # Perform test coverage?
# Install locations; `?=` lets the environment or command line override them.
PREFIX?=/usr
BINDIR?=$(PREFIX)/sbin
MANDIR?=$(PREFIX)/share/man/man8
MAN=sslh.8.gz # man page name
# End of configuration -- the rest should take care of
# itself
# Sanitizer flags are added whenever ENABLE_SANITIZER is non-empty.
ifneq ($(strip $(ENABLE_SANITIZER)),)
CFLAGS_SAN=-fsanitize=address -fsanitize=leak -fsanitize=undefined -fsanitize=alignment
endif
# Coverage instrumentation is added whenever COV_TEST is non-empty.
ifneq ($(strip $(COV_TEST)),)
CFLAGS_COV=-fprofile-arcs -ftest-coverage
endif
# Toolchain defaults; both can be overridden by the caller.
CC ?= gcc
AR ?= ar
# CFLAGS is also passed to the link commands, so the sanitizer and coverage
# flags reach both the compile and the link step.
CFLAGS +=-Wall -O2 -DLIBPCRE -g $(CFLAGS_COV) $(CFLAGS_SAN)
LIBS=-lm -lpcre2-8 -lwrap -lcap -lbsd
# Objects collected into the static library shared by all sslh flavours.
OBJS=sslh-conf.o common.o log.o sslh-main.o probe.o tls.o argtable3.o collection.o gap.o tcp-probe.o landlock.o proxyprotocol.o
OBJS_A=libsslh.a
# Per-flavour object lists; each one links against the static library.
FORK_OBJS=sslh-fork.o $(OBJS_A)
SELECT_OBJS=processes.o udp-listener.o sslh-select.o hash.o tcp-listener.o $(OBJS_A)
EV_OBJS=processes.o udp-listener.o sslh-ev.o hash.o tcp-listener.o $(OBJS_A)
# Optional targets appended below and built by `all`.
CONDITIONAL_TARGETS=
ifneq ($(strip $(ENABLE_REGEX)),)
CPPFLAGS+=-DENABLE_REGEX
endif
ifneq ($(strip $(USELIBCONFIG)),)
LIBS:=$(LIBS) -lconfig
CPPFLAGS+=-DLIBCONFIG
endif
ifneq ($(strip $(USESYSTEMD)),)
LIBS:=$(LIBS) -lsystemd
CPPFLAGS+=-DSYSTEMD
CONDITIONAL_TARGETS+=systemd-sslh-generator
endif
ifneq ($(strip $(USELIBEV)),)
CONDITIONAL_TARGETS+=sslh-ev
endif
# Default goal: the two always-built flavours, the man page, the echosrv
# helper, and whatever the feature switches added to CONDITIONAL_TARGETS.
all: sslh-fork sslh-select $(MAN) echosrv $(CONDITIONAL_TARGETS)

# Compile one object from its .c file. The matching .h and version.h are
# prerequisites, so a change to either one triggers a recompile.
%.o: %.c %.h version.h
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@

# Static library shared by every sslh flavour. $(OBJS) is spelled out rather
# than using $^ because the header list below is attached to this target too.
$(OBJS_A): $(OBJS)
	$(AR) rcs $@ $(OBJS)

# No prerequisites: generated only when the file does not exist yet.
version.h:
	./genver.sh >$@

# Every object (and the library) is rebuilt when any project header changes.
$(OBJS) $(FORK_OBJS) $(SELECT_OBJS) $(EV_OBJS): argtable3.h collection.h common.h gap.h hash.h log.h probe.h processes.h sslh-conf.h tcp-listener.h tcp-probe.h tls.h udp-listener.h version.h
# Regenerate the configuration parsers from their .cfg descriptions.
c2s:
	conf2struct sslhconf.cfg
	conf2struct echosrv.cfg

# The recipe only warns that the generated parser is stale; it does not run
# conf2struct itself.
sslh-conf.c sslh-conf.h: sslhconf.cfg
	$(warning "sslhconf.cfg is more recent than sslh-conf.[ch]. Use `make c2s` to rebuild using `conf2struct`")

# Link rules. Each lists the Makefile as a prerequisite, so editing a switch
# relinks the binaries. The object list is named explicitly instead of $^,
# which would also hand version.h and Makefile to the linker.
sslh-fork: version.h Makefile $(FORK_OBJS)
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(FORK_OBJS) $(LIBS)

sslh-select: version.h $(SELECT_OBJS) Makefile
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(SELECT_OBJS) $(LIBS)

# libev flavour: same link line plus -lev.
sslh-ev: version.h $(EV_OBJS) Makefile
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(EV_OBJS) $(LIBS) -lev

systemd-sslh-generator: systemd-sslh-generator.o
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ systemd-sslh-generator.o -lconfig

# Same warn-only pattern as sslh-conf.[ch] above.
echosrv-conf.c echosrv-conf.h: echosrv.cfg
	$(warning "echosrv.cfg is more recent than echosrv-conf.[ch]. Use `make c2s` to rebuild using `conf2struct`")

echosrv: version.h echosrv-conf.c echosrv.o echosrv-conf.o argtable3.o
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ echosrv.o echosrv-conf.o argtable3.o $(LIBS)

# Extra header dependency for the landlock object.
landlock.o: config.h

# Man page: render the POD source (first prerequisite) and compress it.
$(MAN): sslh.pod Makefile
	pod2man --section=8 --release=$(VERSION) --center=" " $< | gzip -9 - > $@
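# Create release: export a clean tree at tag $(VERSION), then sign the tarball.
#
# RELEASE_DIR keeps the original default of /tmp. /tmp is world-writable and
# the tarball name is predictable, so on a shared machine point RELEASE_DIR at
# a directory only the release manager can write to before signing.
RELEASE_DIR ?= /tmp

.PHONY: release
release:
	# git writes the archive itself (-o), so a failing `git archive` stops the
	# recipe here. With `git archive | gzip > file` the pipeline's status was
	# gzip's, and an empty or truncated tarball would still have been signed.
	git archive --format=tar.gz --prefix="sslh-$(VERSION)/" -o "$(RELEASE_DIR)/sslh-$(VERSION).tar.gz" $(VERSION)
	gpg --detach-sign --armor "$(RELEASE_DIR)/sslh-$(VERSION).tar.gz"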
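# Build the Docker image, tagged with the current version and as `latest`.
# Declared phony so that a file or directory named `docker` in the tree cannot
# make the target look up to date.
.PHONY: docker docker-clean
docker:
	docker image build -t "sslh:$(VERSION)" .
	docker image tag "sslh:$(VERSION)" sslh:latest

# Remove the images built above. `docker image prune` also removes every other
# dangling image on the host, not only sslh ones.
docker-clean:
	yes | docker image rm "sslh:$(VERSION)" sslh:latest
	yes | docker image prune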
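.PHONY: install install-debian uninstall

# generic install: install binary and man page
# Only the fork flavour is installed, under the name `sslh`.
install: sslh-fork $(MAN)
	mkdir -p $(DESTDIR)/$(BINDIR)
	mkdir -p $(DESTDIR)/$(MANDIR)
	install -p sslh-fork $(DESTDIR)/$(BINDIR)/sslh
	install -p -m 0644 $(MAN) $(DESTDIR)/$(MANDIR)/$(MAN)

# "extended" install for Debian: install startup script
# The init script now honours DESTDIR like `uninstall` does; with DESTDIR
# unset the paths are the same /etc/init.d/sslh as before.
# NOTE(review): the `sslh` prerequisite has no rule in this listing -- confirm
# it is meant to be a file that already exists.
install-debian: install sslh $(MAN)
	mkdir -p $(DESTDIR)/etc/init.d
	sed -e "s+^PREFIX=+PREFIX=$(PREFIX)+" scripts/etc.init.d.sslh > $(DESTDIR)/etc/init.d/sslh
	chmod 755 $(DESTDIR)/etc/init.d/sslh
	update-rc.d sslh defaults

# Remove what `install` and `install-debian` put in place.
uninstall:
	rm -f $(DESTDIR)$(BINDIR)/sslh $(DESTDIR)$(MANDIR)/$(MAN) $(DESTDIR)/etc/init.d/sslh $(DESTDIR)/etc/default/sslh
	update-rc.d sslh remove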
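# Command targets, declared phony so a same-named file cannot shadow them.
# `tags` is left out on purpose: it names a real file.
.PHONY: distclean clean cscope test

# Everything `clean` removes, plus generated parsers and editor indexes.
distclean: clean
	rm -f tags sslh-conf.[ch] echosrv-conf.[ch] cscope.*

# Remove build products. sslh-ev and $(OBJS_A) are listed explicitly so that a
# binary or library built under earlier switch settings (for example with the
# sanitizers on) does not survive a `make clean` after the switches change.
clean:
	rm -f sslh-fork sslh-select sslh-ev $(CONDITIONAL_TARGETS) echosrv version.h $(MAN) systemd-sslh-generator $(OBJS_A) *.o *.gcov *.gcno *.gcda *.png *.html *.css *.info

tags: *.c *.h
	ctags *.[ch]

# Best effort: the leading `-` lets make continue if find or cscope fails.
cscope:
	-find . -name "*.[chS]" >cscope.files
	-cscope -b -R

# Run the test driver script `./t`.
test:
	./t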
systemd file
# systemd unit that starts the libev flavour of sslh with /etc/sslh.cfg.
[Unit]
Description=SSLH Event Multiplexer
After=syslog.target network.target
[Service]
# NOTE(review): Type=simple treats the ExecStart process itself as the
# service -- confirm sslh is configured not to daemonize.
Type=simple
# NOTE(review): `nobody` is an account shared with other uses; a dedicated
# service user (or DynamicUser=) keeps this daemon's files and processes
# separate from anything else running as nobody.
User=nobody
#Group=nobody
ExecStart=/usr/sbin/sslh-ev -F /etc/sslh.cfg
WorkingDirectory=/usr
TimeoutSec=30
RestartSec=2
StandardOutput=journal
StandardError=journal
SyslogIdentifier=sslh
Restart=always
# NOTE(review): the two "###" comments below mention Gitea and describe the
# settings as commented out, although they are active here; the wording
# appears to be carried over from another unit template.
### Modify these two values and uncomment them if you have repos with lots of files and get an HTTP error 500 because of that
LimitMEMLOCK=infinity
LimitNOFILE=65535
### If you want to bind Gitea to a port below 1024 uncomment the two values below
# NOTE(review): these two directives take a space-separated list of capability
# names (CAP_NET_BIND_SERVICE CAP_NET_ADMIN). The comma and the `=+ep` suffix
# are setcap(8) syntax, so systemd is expected to reject these values -- check
# with `systemd-analyze verify` and the journal. If they are ignored, the
# process running as `nobody` gets no ambient capabilities at all.
# NOTE(review): CAP_NET_ADMIN is broad; keep it only if the sslh configuration
# actually needs it (presumably transparent proxying) -- confirm.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE,CAP_NET_ADMIN=+ep
AmbientCapabilities=CAP_NET_BIND_SERVICE,CAP_NET_ADMIN=+ep
[Install]
WantedBy=multi-user.target
Error
When starting the service using `sudo service sslh start`, it starts and regurgitates this error:
~/Gits/sslh-ev$ sudo /usr/sbin/sslh-ev -F /etc/sslh.cfg
=================================================================
==48250==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 256 byte(s) in 1 object(s) allocated from:
#0 0x7f72fb1d2c38 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
#1 0x7f72faf630d0 (/lib/x86_64-linux-gnu/libconfig.so.9+0x80d0)
Indirect leak of 3328 byte(s) in 24 object(s) allocated from:
#0 0x7f72fb1d2c38 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
#1 0x7f72faf5ea03 (/lib/x86_64-linux-gnu/libconfig.so.9+0x3a03)
Indirect leak of 1472 byte(s) in 23 object(s) allocated from:
#0 0x7f72fb1d2a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7f72faf5e987 (/lib/x86_64-linux-gnu/libconfig.so.9+0x3987)
Indirect leak of 384 byte(s) in 24 object(s) allocated from:
#0 0x7f72fb1d2a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7f72faf5ea1e (/lib/x86_64-linux-gnu/libconfig.so.9+0x3a1e)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f72fb1d2a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7f72faf5eada in config_init (/lib/x86_64-linux-gnu/libconfig.so.9+0x3ada)
Indirect leak of 17 byte(s) in 2 object(s) allocated from:
#0 0x7f72fb1799a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x7f72faf5e99b (/lib/x86_64-linux-gnu/libconfig.so.9+0x399b)
Indirect leak of 14 byte(s) in 1 object(s) allocated from:
#0 0x7f72fb1799a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x7f72faf63133 in scanctx_init (/lib/x86_64-linux-gnu/libconfig.so.9+0x8133)
SUMMARY: AddressSanitizer: 5535 byte(s) leaked in 76 allocation(s).
What am I missing here?
If I start it manually with /usr/sbin/sslh-ev -F /etc/sslh.cfg I get the error above, but sslh is running and multiplexes my traffic.